Hi,
I’d like to let my users (factory workers, each of them given an additional phone) access only BBM on their Wi-Fi-enabled smartphones. I found a script that I modified a bit.
The idea is to map the BBM IPs by BBM domains, insert a forward accept rule in front of a forward drop, and schedule it every 5 minutes.
But it doesn’t work this way. Do you know a better way to achieve this? The second forward rule is a forward drop, but it also drops parts of the BBM services (picture and video sharing).
Layer 7 doesn’t work…
Thanks,
{
    # One address list and one accept rule per BBM hostname
    :foreach iplist in=("global.uci.blackberry.com", "turn.voip.blackberry.com", "stun.voip.blackberry.com", "sip.voip.blackberry.com", "bbmvideo.voip.blackberry.com", "bbm.voip.blackberry.com", "p2p.voip.blackberry.com") do={
        {
            # Start from an empty list for this hostname
            /ip firewall address-list remove [find where list=$iplist]
            :global counter true
            # Resolve repeatedly until DNS returns an address that is already in this list
            :while ($counter) do={
                :local ip [:resolve $iplist]
                # Match on list as well, so the same IP in another hostname's list does not end the loop early
                :if ([:len [/ip firewall address-list find where list=$iplist && address=$ip]] = 0) do={
                    /ip firewall address-list add address=$ip list=$iplist
                } else={
                    :set counter false
                }
            }
        }
        # Add the accept rule only once, ahead of the forward drop
        :if ([:len [/ip firewall filter find where chain=forward && dst-address-list=$iplist]] = 0) do={
            /ip firewall filter add chain=forward action=accept dst-address-list=$iplist place-before=0 \
                comment=("BBM :" . $iplist)
        }
    }
}