This method will not affect any other website. I would like to block Facebook in my example.
1: Add website in Layer7 Protocol.
Code:
/ip firewall layer7-protocol
add name=facebook regexp="^.+(facebook.com).*\$"
2: Add your DNS, ISP and DSL modem IPs and your gateway to a firewall address list as exceptions.
Code:
/ip firewall address-list
add address=8.8.8.8 list=not_this_dst
add address=8.8.4.4 list=not_this_dst
add address=10.0.0.1 list=not_this_dst
3: Create a mangle rule to filter Facebook IPs.
Code:
/ip firewall mangle
add chain=forward action=add-dst-to-address-list protocol=tcp \
    src-address=192.168.88.0/24 dst-address-list=!not_this_dst \
    address-list=facebook address-list-timeout=0s layer7-protocol=facebook
Now you get all facebook IPs from firewall connections in firewall address list like this,
4: Now create another mangle rule to mark Facebook connections from the filtered IPs list.
Code:
/ip firewall mangle
add chain=forward action=mark-connection new-connection-mark=facebook \
    passthrough=yes dst-address-list=facebook
5: Now block this Facebook connection in the firewall filter.
Code:
/ip firewall filter
add chain=forward action=drop src-address=192.168.88.0/24 connection-mark=facebook
If you want to allow Facebook for one or more users, you can add exception IPs to the rule; for this, add those IPs to a firewall address list:
Code:
/ip firewall address-list
add address=192.168.88.101 list=not_this_src
add address=192.168.88.120 list=not_this_src
add address=192.168.88.155 list=not_this_src
Remove the previous firewall filter rule and add a new one like this:
Code:
/ip firewall filter
add chain=forward action=drop src-address=192.168.88.0/24 \
    src-address-list=!not_this_src connection-mark=facebook
Or you can edit your previous rule and add the IPs there.
Are we done? NO.
Someone can bypass your MikroTik firewall using a VPN tool; in this case you can use OpenDNS to block proxy or VPN tools.
Note: This method will not work just for YouTube; you can block YouTube videos with L7:
Code:
/ip firewall layer7-protocol
add name=videos regexp="videoplayback|video"
Sorry, I made a mistake in my method; I have now edited it.
Thank You.
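An added example, not part of the original post: a Python model of how the step 1 pattern behaves on the first bytes of a connection, and which destination IPs the step 3 rule would therefore collect. It assumes Python's `re` with DOTALL is a close enough stand-in for the RouterOS L7 matcher, which searches the first 2 KB of a connection; the function names, IPs, hostnames and payloads are constructed for illustration.

```python
import re

# The page's Layer7 pattern, with the RouterOS "\$" escape written as a plain "$".
FACEBOOK_L7 = re.compile(rb"^.+(facebook.com).*$", re.DOTALL)

# Constructed sample connections: (destination IP, first bytes sent by the client).
# IPs are from documentation ranges (RFC 5737); payloads are hand-written.
SAMPLES = [
    ("192.0.2.10", b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"),
    ("198.51.100.20", b"GET /post HTTP/1.1\r\nHost: blog.example\r\n"
                      b"Referer: http://www.facebook.com/\r\n\r\n"),
    ("203.0.113.30", b"GET / HTTP/1.1\r\nHost: news.example\r\n\r\n"),
    # Simplified stand-in for a TLS ClientHello: the server name is sent in clear text.
    ("192.0.2.11", b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x00\x00\x15www.facebook.com"),
]

def l7_matches(payload: bytes) -> bool:
    """Approximate the L7 matcher: search the start of the stream (first 2 KB)."""
    return FACEBOOK_L7.search(payload[:2048]) is not None

def simulate_address_list(samples):
    """Destination IPs the step 3 mangle rule would add to list 'facebook'."""
    return [dst for dst, payload in samples if l7_matches(payload)]

def audit(samples, expected_host=b"facebook.com"):
    """Split matched destinations into intended and collateral ones.

    'Intended' means the Host header (or, without one, the TLS-like payload)
    ends with expected_host; any other match is collateral.
    """
    intended, collateral = [], []
    for dst, payload in samples:
        if not l7_matches(payload):
            continue
        host = re.search(rb"Host: ([^\r\n]+)", payload)
        name = host.group(1) if host else payload  # no Host header: TLS-like sample
        bucket = intended if name.rstrip().endswith(expected_host) else collateral
        bucket.append(dst)
    return intended, collateral

if __name__ == "__main__":
    print("address list:", simulate_address_list(SAMPLES))
    print("intended / collateral:", audit(SAMPLES))
```

A destination reported as collateral would be dropped by the step 5 filter rule for as long as it remains in the list, so it is worth reviewing the collected entries with `/ip firewall address-list print where list=facebook`.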