HotSpot Multiples Users Profiles

Posted: Tue Jul 02, 2019 7:27 pm
by caiovernaglia
Hi everyone, I'm new to the MikroTik world and I'm experimenting with the hotspot server.

Here's the scenario I'm trying to build:
Multiple hotspot users with 3 different user profiles
Profile 1: No internet access
Profile 2: Internet access but blocking specific sites (e.g. Facebook, YouTube...)
Profile 3: Unrestricted internet access

I'm able to configure the hotspot, and users are able to navigate, but when I try to set the incoming filter and outgoing filter on the user profile, I'm unable to block according to the 3 profiles above.
A dynamic jump filter rule is created, and then I use L7 to block, but with no success.

Here's the configuration:
/ip hotspot user profile
set [ find default=yes ] rate-limit=10M/10M transparent-proxy=yes
add incoming-filter=hs-p1 name=profile1 outgoing-filter=hs-p1 rate-limit=5M/5M \
    transparent-proxy=yes
add incoming-filter=hs-p2 name=profile2 outgoing-filter=hs-p2 \
    transparent-proxy=yes
add incoming-filter=hs-p3 name=profile3 outgoing-filter=hs-p3 \
    transparent-proxy=yes
--
 /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth 
 1  D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!aut>
 2  D chain=input action=jump jump-target=hs-input hotspot=from-client 
 3  D chain=input action=drop protocol=tcp hotspot=!from-client dst-port=64872-64875 
 4  D chain=hs-input action=jump jump-target=pre-hs-input 
 5  D chain=hs-input action=accept protocol=udp dst-port=64872 
 6  D chain=hs-input action=accept protocol=tcp dst-port=64872-64875 
 7  D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth 
 8  D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp 
 9  D chain=hs-unauth action=reject reject-with=icmp-net-prohibited 
10  D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited 
11 X  ;;; place hotspot rules here chain=unused-hs-chain action=passthrough log=no log-prefix="" 
12  D chain=hotspot action=jump jump-target=hs-p1 src-address=10.0.0.50 
13  D chain=hotspot action=jump jump-target=hs-p1 dst-address=10.0.0.50 
14  D chain=hotspot action=jump jump-target=hs-p2 src-address=10.0.0.48 
15  D chain=hotspot action=jump jump-target=hs-p2 dst-address=10.0.0.48
.

The last 4 rules (chain hotspot, jump-target hs-px) are created automatically after setting the incoming and outgoing filter in the user profile. I've tried the following firewall rule without success:
add action=drop chain=hs-p1 layer7-protocol="Block Facebook" protocol=tcp \
    src-port=80,443
Could someone help me set up this scenario? Maybe a tutorial guide?

Thanks a lot
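
RouterOS evaluates the rules in a custom filter chain only when a jump rule leads there from a built-in chain (input, forward, output). The following is an added example, not part of the original post, that runs that reachability check over rule lines copied from the listing above (trimmed to the relevant fields); the function names are hypothetical.

```python
import re

BUILTIN = {"input", "forward", "output"}

# Rule lines copied from the listing in the post, trimmed for width.
LISTING = """\
 0  D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth
 1  D chain=forward action=jump jump-target=hs-unauth-to
 2  D chain=input action=jump jump-target=hs-input hotspot=from-client
 4  D chain=hs-input action=jump jump-target=pre-hs-input
 7  D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth
 8  D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp
10  D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited
11 X  ;;; place hotspot rules here chain=unused-hs-chain action=passthrough
12  D chain=hotspot action=jump jump-target=hs-p1 src-address=10.0.0.50
13  D chain=hotspot action=jump jump-target=hs-p1 dst-address=10.0.0.50
14  D chain=hotspot action=jump jump-target=hs-p2 src-address=10.0.0.48
15  D chain=hotspot action=jump jump-target=hs-p2 dst-address=10.0.0.48
"""

def parse(listing):
    """Turn '/ip firewall filter print' lines into dicts of key=value fields."""
    rules = []
    for line in listing.splitlines():
        m = re.match(r"\s*\d+\s+([XID\s]*)", line)  # rule number, then flags
        if not m or "chain=" not in line:
            continue
        fields = dict(re.findall(r"(\S+?)=(\S+)", line[m.end():]))
        rules.append({"disabled": "X" in m.group(1), **fields})
    return rules

def unreachable_chains(rules):
    """Chains that no enabled jump path from a built-in chain ever reaches."""
    active = [r for r in rules if not r["disabled"]]
    edges = {}
    for r in active:
        if r.get("action") == "jump":
            edges.setdefault(r["chain"], set()).add(r["jump-target"])
    seen, todo = set(BUILTIN), list(BUILTIN)
    while todo:  # walk the jump graph starting at the built-in chains
        for nxt in edges.get(todo.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    known = {r["chain"] for r in active} | set().union(*edges.values())
    return sorted(known - seen)

if __name__ == "__main__":
    print("never evaluated:", unreachable_chains(parse(LISTING)))
```

On the pasted listing the check reports `hotspot`, `hs-p1` and `hs-p2`: nothing in `forward` or `input` jumps to `hotspot`, so rules placed in `hs-p1` are never consulted.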