I have a question. I am learning about MikroTik, and my boss asked me to configure the LAN at my work; I was able to do it by watching tutorials and reading a lot. My boss told me that LAN users must not be able to access Facebook, Instagram, Twitter, etc., so I applied a layer 7 protocol list and an address list for DHCP to apply to LAN users. The block works perfectly: users can access the internet via DHCP and they can browse. The problem is this: my boss gets his IP address via DHCP and he wants to access social pages. I can't use static addressing outside of the DHCP list, nor can I apply the page block to LAN users, because I don't want to block my boss's access. Is there a way to make an exception for my boss in the web page blocking within DHCP addressing?
Make an exception rule in the filter for src-address, like: ip firewall filter add src-address=!"ip of a boss" action=drop, and so on. This rule will drop web traffic (what you configured) for anyone except this src-address.
Hi, if I add them using a static IP it works, but the bosses use DHCP addressing and they don't want to use static IPs on their PCs. I tried to make an exception rule in the filter for their MAC addresses, but it doesn't work:
"chain=forward action=accept layer7-protocol=Instagram src-mac-address=00:21:CC:D7:68:BA" (it is my ether MAC)
The other rule for the LAN is:
"chain=forward action=drop layer7-protocol=Instagram dst-address-list=Deny Socials Web DHCP" (it's working for the DHCP list)
Is there a way to do it? I think it is possible, but it is also possible that I am understanding/applying some concepts wrong.
Inside the leases of the DHCP Server configuration, I added my own PC (PYC) with "Make Static"; theoretically, every time any of the bosses wants to connect to the LAN, e.g. IP 50.1.30.44 will be saved for one of them? I just finished doing that and I can't access Instagram (the rule for LAN users is to drop it).
No, I didn't, but now I am thinking of doing that too: add the bosses' IPs to the rule for Instagram. But it only lets me add one rule per IP, so I would have to create a rule for every page per boss. I don't know, I could be confused.
I thought of doing that, but will it work? I mean, I created an address list called "deny socials web DHCP". The addresses inside this list coincide with the DHCP addressing (I don't want to block the whole IP segment; honestly, I didn't ask for it)… Now, answering anumrak (sorry, my ideas come while I am answering): I just added my PC with "Make Static", and within the DHCP lease I configured "address" outside of the IP segment with the web block, and it works. MikroTik assigned my PC the address .19 (I guess it uses the MAC address). I think I could talk to my boss about reserving a small segment of IPs for them outside of DHCP. What do you think, guys?
Actually it worked perfectly. I had to create 2 segments in the "address list": the first one before the DHCP, the second one after the DHCP; between those segments is the DHCP addressing, 20 IPs that will be used to assign IPs by MAC to my bosses without any filter rule… Thanks, guys!
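
The layout described in the last post, written out as RouterOS commands. This is an added example, not configuration posted by anyone in the thread. The 192.168.88.0/24 addressing, the reserved block .100-.119, the server name dhcp1, the pool name dhcp_pool and the MAC address are all constructed placeholders; only the list name, the layer 7 protocol name and the drop rule come from the thread.

```routeros
# Constructed addressing (assumption): LAN 192.168.88.0/24, router at .1,
# 20 addresses (.100-.119) reserved for the exempt PCs.

# 1. Pin each exempt PC to a reserved address by MAC address.
#    This is what "Make Static" plus editing "address" on a lease does.
#    Server name and MAC are placeholders.
/ip dhcp-server lease
add server=dhcp1 mac-address=00:00:5E:00:53:01 address=192.168.88.100 \
    comment="exempt PC 1 (placeholder MAC)"

# 2. Keep dynamic leases out of the reserved block, so an ordinary client
#    is never handed an address that the block list does not cover.
#    Pool name is a placeholder.
/ip pool
set [find name=dhcp_pool] \
    ranges=192.168.88.2-192.168.88.99,192.168.88.120-192.168.88.254

# 3. Two segments in the address list: one before and one after the
#    reserved block. The reserved addresses appear in neither.
/ip firewall address-list
add list="Deny Socials Web DHCP" address=192.168.88.2-192.168.88.99
add list="Deny Socials Web DHCP" address=192.168.88.120-192.168.88.254

# 4. The drop rule as quoted in the thread. It only matches hosts in the
#    list, so the reserved block needs no accept rule of its own.
/ip firewall filter
add chain=forward action=drop layer7-protocol=Instagram \
    dst-address-list="Deny Socials Web DHCP"
```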