Hi, i am trying to block a number of streaming websites(netflix, etc) for a customer that has a satellite connection.

I have searched the forum but none of the suggestions seem to be working.

I have a RB2011Uias-2Hnd with v6.32.3.

I have tried the firewall rule at the beginning and at the end.

Using layer7 protocol is not working either.

I even tried to block all traffic from my IP and it still allows it.

The router is setup to be a standard router.

Can anyone help troubleshoot? I don't know whats going on.

Maybe a script to block netflix.com and vimeo.com as an example and i can add the others?

Thanks!

Try this rule:
And move this rules to the top of Firewall rules.

Try this rule:

Code: Select all

/ip firewall filter
add chain=forward action=reject reject-with=tcp-reset protocol=tcp content="Host: www.vimeo.com"

Code: Select all

/ip firewall filter
add chain=forward action=reject reject-with=tcp-reset protocol=tcp content="Host: www.netflix.com"

And move this rules to the top of Firewall rules.

That is not very accurate. The content field will look into packets and if matches will drop them. But that content could be found on other websites and will cause those websites to be dropped. And in case it is a secure connection, like https it can not read the packet content.

The safest way if you want to block a website is to add a static entry into dns, and redirect all customers transparently to your dns cache. That way the webpage they will be looking for will be resolved into your dns static entry.

anyone knows how to made firewall rule witch is only google/gmail, yahoo and LAN only can pass trought ?