IMPORTANT ! THIS SCRIPT ONLY WORKS WITH STATIC DNS CONFIGURATION

if you use the dhcp-client, go to and uncheck the field ,, use-peer-dns"#

then go to ip dns and set your static dns server

8.8.8.8 or 8.8.4.4 , Google DNS

Whatsapp Finder Script RouterOS v6.33rc33

This here is the Version for New Terminal

add to Scheduler and run with Time Interval 00:01:00

{

STEP 1 set your prefered List Name here or leave it as it is

:global lst "Whatsapp";

Use DNS Entrys and add dst Address to the Firewall Address-list

:foreach i in=[/ip dns cache all find where (name~"whatsapp" || name~"whatscom") && (type="A") ] do={
:local tmpAddress [/ip dns cache get $i address];
delay delay-time=10ms

prevent script from using all cpu time

:if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={
:local cacheName [/ip dns cache get $i name] ;
:log info ("added entry: $cacheName $tmpAddress");
/ip firewall address-list add address=$tmpAddress list="$lst" comment=$cacheName;
}
}
}

Whatsapp Blocker RouterOS v6.33rc33

This here is the Version for New Terminal

add to Scheduler and run with Time Interval 01:00:00

{

STEP 2 set your in-interface here

:local iif "bridge";

STEP 3 set your jump target name for fw-mangle here, the same name will be the new chain or leave it as it is

:local jt "whatsapp_mangle";

STEP 4 set your jump rule comment here or leave it as it is

:local jtc "Jump to Whatsapp Chain";

STEP 5 set dst-address-here, you must get the same name which from STEP 1 or leave it as it is

:local dal "Whatsapp";

STEP 6 set your new-connection-mark name here or leave it as it is

:local ncm "whats_con";

STEP 7 determine the size in bytes here, connection is determined as valid after reaching size

:local size "100";

STEP 8 set your prefered connection-mark comment here or leave it as it is

:local cmc "Whatsapp Connection";

STEP 9 set your prefered src-address-list Name here or leave it as it is, this list will display your client IP addresses

:local sal "Whatsapp User";

STEP 10 set your prefered add-src-to-address-list comment here or leave it as it is

:local sl "Whatsapp Add Src to Address List";

STEP 11 set your own comment for drop rule, after reached Limit of STEP 7 the Malware connection will be closed

:local mwc "Drop Whatsapp Con";

STEP 12 set your jump target name for fw-filter here, the same name will be the new chain or leave it as it is

:local fwf "whatsapp_chain";

DO NOT EDIT NOTHING BELOW, THIS CAN BREAK THE SCRIPT !!!

:log warning ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle remove [ find comment="$jtc" ];
/ip firewall mangle remove [ find comment="$cmc" ];
/ip firewall mangle remove [ find comment="$sl" ];
/ip firewall filter remove [ find comment="$jtc" ];
/ip firewall filter remove [ find comment="$mwc" ];
:log warning ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle
add chain="forward" protocol=tcp in-interface=$iif action=jump jump-target="$jt" comment="$jtc"
add chain="$jt" protocol=tcp in-interface=$iif connection-state=established,new dst-address-list="$dal"
action=mark-connection new-connection-mark="$ncm" connection-bytes="$size-0" passthrough=yes comment="$cmc"
add chain="$jt" dst-address-list="$dal" action=add-src-to-address-list address-list="$sal" address-list-timeout=6h
connection-mark="$ncm" comment="$sl"
/ip firewall filter
add chain=forward protocol=tcp in-interface=$iif connection-mark="$ncm" action=jump jump-target="$fwf" comment="$jtc"
add chain="$fwf" protocol=tcp dst-port=80 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
add chain="$fwf" protocol=tcp dst-port=443 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
add chain="$fwf" protocol=tcp dst-port=5222-5228 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
}




\

This is the version made by System, Insert to New Terminal and it generate ready schedule Rules

oct/27/2015 16:45:21 by RouterOS 6.33rc33

software id = KPNX-1FGN

/system scheduler
add comment="Whatsapp Finder" interval=1m name="Whatsapp Finder" on-event="# W
hatsapp Finder Script RouterOS v6.33rc33 #\r
\n# This here is the Version for New Terminal # \r
\n# add to Scheduler and run with Time Interval 00:01:00 #\r
\n{\r
\n# STEP 1 set your prefered List Name here or leave it as it is #\r
\n:global lst "Whatsapp";\r
\n# Use DNS Entrys and add dst Address to the Firewall Address-list #\r
\n:foreach i in=[/ip dns cache all find where (name~"whatsapp") && (type
="A") ] do={\r
\n :local tmpAddress [/ip dns cache get $i address];\r
\ndelay delay-time=10ms\r
\n# prevent script from using all cpu time #\r
\n :if ( [/ip firewall address-list find where address=$tmpAddress] =
"") do={ \r
\n :local cacheName [/ip dns cache get $i name] ;\r
\n :log info ("added entry: $cacheName $tmpAddress");\r
\n /ip firewall address-list add address=$tmpAddress list="$lst" c
omment=$cacheName;\r
\n }\r
\n }\r
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive
start-time=startup
add comment="Whatsapp Blocker" interval=1h name="Whatsapp Blocker" on-event="#
_Whatsapp Blocker RouterOS v6.33rc33 #\r
\n# This here is the Version for New Terminal # \r
\n# add to Scheduler and run with Time Interval 01:00:00 #\r
\n{\r
\n# STEP 2 set your in-interface here #\r
\n:local iif "bridge";\r
\n# STEP 3 set your jump target name for fw-mangle here, the same name wil
l be the new chain or leave it as it is #\r
\n:local jt "whatsapp_mangle";\r
\n# STEP 4 set your jump rule comment here or leave it as it is #\r
\n:local jtc "Jump to Whatsapp Chain";\r
\n# STEP 5 set dst-address-here, you must get the same name which from STE
P 1 or leave it as it is #\r
\n:local dal "Whatsapp";\r
\n# STEP 6 set your new-connection-mark name here or leave it as it is #\r
\n:local ncm "whats_con";\r
\n# STEP 7 determine the size in bytes here, connection is determined as v
alid after reaching size #\r
\n:local size "100";\r
\n# STEP 8 set your prefered connection-mark comment here or leave it as i
t is #\r
\n:local cmc "Whatsapp Connection"; \r
\n# STEP 9 set your prefered src-address-list Name here or leave it as it
is, this list will display your client IP addresses #\r
\n:local sal "Whatsapp User";\r
\n# STEP 10 set your prefered add-src-to-address-list comment here or leav
e it as it is #\r
\n:local sl "Whatsapp Add Src to Address List";\r
\n# STEP 11 set your own comment for drop rule, after reached Limit of STE
P 7 the Malware connection will be closed #\r
\n:local mwc "Drop Whatsapp Con";\r
\n# STEP 12 set your jump target name for fw-filter here, the same name wi
ll be the new chain or leave it as it is #\r
\n:local fwf "whatsapp_chain";\r
\n# DO NOT EDIT NOTHING BELOW, THIS CAN BREAK THE SCRIPT !!! #\r
\n:log warning ("Removing old Mangle=$jtc " . "Mangle=$cmc " .
"Mangle=$sl " . "and Filter $jtc " . "else $mwc");\r
\n:put ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=
$sl " . "and Filter $jtc " . "else $mwc");\r
\n/ip firewall mangle remove [ find comment="$jtc" ];\r
\n/ip firewall mangle remove [ find comment="$cmc" ];\r
\n/ip firewall mangle remove [ find comment="$sl" ];\r
\n/ip firewall filter remove [ find comment="$jtc" ];\r
\n/ip firewall filter remove [ find comment="$mwc" ];\r
\n:log warning ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "M
angle=$sl " . "and Filter $jtc " . "else $mwc");\r
\n:put ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$
sl " . "and Filter $jtc " . "else $mwc");\r
\n/ip firewall mangle\r
\nadd chain="forward" protocol=tcp in-interface=$iif action=jump jump-t
arget="$jt" comment="$jtc"\r
\nadd chain="$jt" protocol=tcp in-interface=$iif connection-state=esta
blished,new dst-address-list="$dal" \ \r
\naction=mark-connection new-connection-mark="$ncm" connection-bytes="
$size-0" passthrough=yes comment="$cmc"\r
\nadd chain="$jt" dst-address-list="$dal" action=add-src-to-address-
list address-list="$sal" address-list-timeout=6h \
_ \r
\nconnection-mark="$ncm" comment="$sl"\r
\n/ip firewall filter\r
\nadd chain=forward protocol=tcp in-interface=$iif connection-mark="$nc
m" action=jump jump-target="$fwf" comment="$jtc"\r
\nadd chain="$fwf" protocol=tcp dst-port=80 connection-mark="$ncm" a
ction=drop dst-address-list="$dal" src-address-list="$sal" comment=
"$mwc"\r
\nadd chain="$fwf" protocol=tcp dst-port=443 connection-mark="$ncm"
action=drop dst-address-list="$dal" src-address-list="$sal" comment=
"$mwc"\r
\nadd chain="$fwf" protocol=tcp dst-port=5222-5228 connection-mark="$
ncm" action=drop dst-address-list="$dal" src-address-list="$sal" co
mment="$mwc"\r
\n}\r
\n\r
\n\r
\n\r
\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive
start-time=startup