Layer7 matching of the Host header is one way… a somewhat inefficient and error-prone one, but still.
Another is to make a script that updates an address list of all IPs belonging to a particular domain name, plus a single firewall rule that blocks any IP from that list. This would work well, except that if an IP hosts more than one domain, people wouldn’t be able to access the other domains either, merely because one of those domains happens to be the one blacklisted. More importantly though, creating such a script on RouterOS itself alone is very tricky - far easier with the API or by an external app that would generate the list, but that means having routers connect with your web server in order to keep their lists updated.
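The external list generator mentioned in the post above, as an added example that is not part of the original post and is not MikroTik's code. It builds the address list for the blacklisted domains and reports which other domains would be blocked because they share an IP. The domain names, the documentation-range addresses and the list name `blocked-sites` are constructed assumptions; a real generator would fill the table from DNS lookups.

```python
import ipaddress

# Constructed resolver results (documentation address ranges). A real
# generator on the web server would fill this from live DNS lookups.
RESOLVED = {
    "blocked.example": ["192.0.2.10", "192.0.2.11"],
    "shop.example": ["192.0.2.11"],  # shares a host with blocked.example
    "news.example": ["198.51.100.7"],
}


def build_blocklist(resolved, blocked_domains):
    """Return (sorted IPs to block, {ip: [other domains hosted on that IP]})."""
    blocked_ips = set()
    for domain in blocked_domains:
        for ip in resolved.get(domain, []):
            blocked_ips.add(ipaddress.ip_address(ip))  # rejects malformed input

    # Any non-blacklisted domain resolving to a blocked IP becomes unreachable.
    collateral = {}
    for domain, ips in resolved.items():
        if domain in blocked_domains:
            continue
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr in blocked_ips:
                collateral.setdefault(str(addr), []).append(domain)

    # Sort by (version, value) so mixed IPv4/IPv6 input does not raise.
    ordered = sorted(blocked_ips, key=lambda a: (a.version, int(a)))
    return [str(a) for a in ordered], collateral


def render_rsc(ips, list_name="blocked-sites"):
    """Render RouterOS commands that replace the list's contents."""
    lines = [f"/ip firewall address-list remove [find list={list_name}]"]
    lines += [
        f"/ip firewall address-list add list={list_name} address={ip}"
        for ip in ips
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ips, collateral = build_blocklist(RESOLVED, {"blocked.example"})
    print(render_rsc(ips))
    for ip, domains in collateral.items():
        print(f"# {ip} also serves: {', '.join(domains)}")
```

The router then needs only the single rule the post describes, for example `/ip firewall filter add chain=forward dst-address-list=blocked-sites action=drop`.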
If you want to block a domain, I am of the idea that DNS redirect requests work better. You set up transparent DNS redirect requests, and then add a static DNS entry on the router, like facebook.com = 127.0.0.1
Actually there will be no domain… what I actually want is a simple firewall sitting between the internet and the users, and when the user tries to access the internet he should come to a landing page where he should enter his login ID and password, after which RouterOS will decide if the user has access to the internet or not…