Hi guys,
In our company we want to block the Facebook page, so I decided to use a layer 7 protocol. I've put ^(.*)(facebook)(.*)$ as the regexp value and set these parameters in the firewall:
/ip firewall layer7-protocol
add name="Deny worktime" regexp="^(.*)(facebook)(.*)\$"
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=forward disabled=no layer7-protocol="Deny worktime" \
src-address=192.168.5.1-192.168.5.49
add action=drop chain=forward disabled=yes layer7-protocol="Deny worktime" \
src-address=192.168.5.0/24 time=8h-12h,mon,tue,wed,thu,fri
add action=drop chain=forward disabled=yes layer7-protocol="Deny worktime" \
src-address=192.168.5.0/24 time=13h-17h,mon,tue,wed,thu,fri
add action=drop chain=forward disabled=no dst-port=443 layer7-protocol=\
"Deny worktime" protocol=tcp src-address=0.0.0.0/0 src-port=""
add action=drop chain=forward disabled=no dst-port=80 layer7-protocol=\
"Deny worktime" protocol=tcp src-address=0.0.0.0/0 src-port=""
The rule works perfectly, BUT it blocks more pages than Facebook. And some pages are available in Chrome and not in IE or Firefox. Others are available in IE but not in Chrome... and so on. Facebook is blocked in all browsers.
Any ideas?
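
Why the posted regexp catches more than Facebook, as an added example that is not part of the original post: the pattern matches any inspected payload that contains the string "facebook" anywhere, not only requests addressed to Facebook. The sample requests and site names are constructed, HOST_ONLY is a hypothetical narrower pattern for comparison, and re.DOTALL is an assumption used to model "." spanning line breaks in the payload.

```python
import re

# The pattern from the post as the router stores it (the export's "\$" is "$").
# Assumption: re.DOTALL models "." matching across line breaks in the payload.
POSTED = re.compile(rb"^(.*)(facebook)(.*)$", re.DOTALL)

# Hypothetical narrower pattern: facebook.com only as the Host header's domain.
HOST_ONLY = re.compile(
    rb"\r\nhost:[ \t]*([a-z0-9-]+\.)*facebook\.com(:\d+)?\r\n", re.IGNORECASE
)


def request(host, path="/", extra=()):
    """Build a constructed plaintext HTTP/1.1 request head."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", *extra, "", ""]
    return "\r\n".join(lines).encode()


# Constructed sample traffic; example.org / example.net are placeholder sites.
SAMPLES = {
    "facebook itself": request("www.facebook.com"),
    "link clicked on facebook": request(
        "news.example.org", extra=["Referer: http://www.facebook.com/"]
    ),
    "share button URL": request("shop.example.net", "/share?via=facebook"),
    "unrelated page": request("intranet.example.org", "/wiki"),
}


def verdicts(pattern):
    """Return {sample name: True if the pattern matches, i.e. the rule fires}."""
    return {name: bool(pattern.search(data)) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for label, pat in (("posted regexp", POSTED), ("host-only regexp", HOST_ONLY)):
        print(label)
        for name, hit in verdicts(pat).items():
            print(f"  {'MATCH' if hit else 'pass '}  {name}")
```

The host-only pattern applies to plaintext HTTP only; on port 443 the Host header is inside the encrypted stream and is not visible to a payload match.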