Very often people are searching for a tool which would help, for example, to block access to http://www.facebook.com.
It is very easy to block access to specific page by using IP address:
“/ip firewall filter add chain=forward action=drop dst-address=xx.xx.xx,xx”
When destination which you want to block has multiple addresses then you usually do not want to resolve addresses every day and update firewall rules manually. There is an option which might help in your case.
Use this script. You can modify it but this example will block access through IPv4 to http://www.facebook.com and http://www.youtube.com. You might want to add scheduler which executes this script periodically and update addresses.
#Will work with IPv4
#Script to add IP addresses for specific domains to address lists
{
#Array of desired domain names
foreach iplist in=(“youtube”,“facebook”) do={
{
#Old entries are deleted
ip firewall address-list remove [find where list=$iplist]
#Dummy variable to not get into loop
global counter true
#Check if IP addresses are not repeating themselves
while ($counter) do={
#Resolve domain
local ip [/resolve (“www.”.$iplist.“.com”)]
#Add IP to address list under specific domain list if it does not already exist
if ([len [/ip firewall address-list find where address=$ip]] = 0) do={
ip firewall address-list add address=$ip list=$iplist } else={
#If IP already exist in list then stop resolving this domain
set counter false
}
}
}
#If there is no firewall filter rules which blocks this specific domain then add it
if ([:len [/ip firewall filter find where chain=forward && dst-address-list=$iplist]] = 0) do={
/ip firewall filter add chain=forward action=drop dst-address-list=$iplist place-before=0 comment=("This rule blocks access to " . $iplist)
}
}
}