Community discussions

MikroTik App
 
Jason505
just joined
Topic Author
Posts: 2
Joined: Tue Aug 14, 2018 10:46 pm

Cannot block specific website

Wed Aug 15, 2018 1:05 pm

Hey there!
When I want to block specific website in firewall, it'll block every website except the one i want to.
Using Routerboard hAP lite with WinBox 3.17 and RouterBOARD 941-2nD 6.42.6.
 
wale
just joined
Posts: 12
Joined: Thu Jun 28, 2018 2:46 pm

Re: Cannot block specific website

Wed Aug 15, 2018 4:11 pm

Hi,
to block a certain a site such as www.facebook.com, apply the command below from the new terminal:

ip firewall filter
add chain=forward action=reject reject-with=tcp-reset\
protocol=tcp content="host:www.facebook.com"

you can also use google for more steps.
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1127
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Cannot block specific website

Wed Aug 15, 2018 4:30 pm

How are you trying to block it?
You could use the TLS matcher in firewall to block it.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Posts: 987
Joined: Tue Oct 11, 2005 4:53 pm

Re: Cannot block specific website

Wed Aug 15, 2018 4:39 pm

Another way would be to create an address list, add there the domains you want to block and then create a drop filter rule using that address list as the destination.

I believe this is the less resource hungry solution. No need to open any packet to check anything (TLS or otherwise), and you are actually blocking the IPs those domains resolve to instead of the domain which can be altered using the hosts file.
 
poizzon
Member Candidate
Member Candidate
Posts: 113
Joined: Fri Jun 21, 2013 12:53 pm

Re: Cannot block specific website

Thu Aug 16, 2018 10:06 pm

another way use OpenDNS
--
poi
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1127
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Cannot block specific website

Fri Aug 17, 2018 11:01 am

Expanding on previous comment. Use static DNS entry and force DNS requests to your MikroTik.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials

Who is online

Users browsing this forum: No registered users and 35 guests