Community discussions

 
abuumarselo
just joined
Topic Author
Posts: 15
Joined: Wed Aug 21, 2019 3:11 pm

I need to block facebook and youtube

Sun Aug 25, 2019 3:29 pm

Hi sir

I have Mikrotik rb2011 I'm still learning but I've managed to make most of my company needs

I've blocked Facebook and YouTube successfully but some users due to nature of their work need to use vpn clients such as psiphone these can override my firewall rules and open restricted sites

How I can make sure that my firewall restrictions is applied even when user use VPN client
 
plisken
Forum Guru
Forum Guru
Posts: 2409
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: I need to block facebook and youtube

Sun Aug 25, 2019 6:13 pm

The best way is to block via the address list
Since the layer7 protocol no longer works properly due to the HTTPS protocol

You have to copy and paste everything into "new terminal"
/ip firewall address-list
add address = www.facebook.com list = block-facebook
add address = facebook.com list = block-facebook
add address = login.facebook.com list = block-facebook
add address = www.login.facebook.com list = block-facebook
add address = fbcdn.net list = block-facebook
add address = www.fbcdn.net list = block-facebook
add address = fbcdn.com list = block-facebook
add address = www.fbcdn.com comment = www.facebook.com list = block-facebook
add address = static.ak.fbcdn.net list = block-facebook
add address = static.ak.connect.facebook.com list = block-facebook
add address = connect.facebook.net list = block-facebook
add address = www.connect.facebook.net list = block-facebook
add address = apps.facebook.com comment = www.facebook.com list = block-facebook

add action=drop chain=forward comment="BLOCK FACEBOOK" dst-address-list=block-facebook
BLOCK YOUTUBE
ip firewall address-list
add address=www.youtube.com list="Block youtube"
add address=googlevideo.com list="Block youtube"
/ip firewall filter
add action=drop chain=forward dst-address-list="Block youtube"
/ip firewall address-list
add address=www.youtube.com list="Block youtube"
Let me know if it works
But with VPN
But with VPN you can probably bypass this
 
andriys
Forum Guru
Forum Guru
Posts: 1144
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: I need to block facebook and youtube

Sun Aug 25, 2019 9:17 pm

How I can make sure that my firewall restrictions is applied even when user use VPN client
You cannot do that in general. At least not when the corresponding traffic has already entered the VPN tunnel.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1297
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: I need to block facebook and youtube

Mon Aug 26, 2019 8:44 am

What you can do, is to force all to use only correct DNS. Then you can block DNS to facebook, youtube etc.
Or you can use third party DNS like openDNS that can block DNS.

But this does not prevent user from using VPN/Proxy+++
Eks:
https://nl.hideproxy.me/index.php#p745235
openDNS can block some of these site as well, but not all.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
abuumarselo
just joined
Topic Author
Posts: 15
Joined: Wed Aug 21, 2019 3:11 pm

Re: I need to block facebook and youtube

Mon Aug 26, 2019 12:25 pm

thank you all

Blocking is successfully done

If I've got it well I can't control the user if he is using VPN Clinet

Who is online

Users browsing this forum: No registered users and 20 guests