C:\Documents and Settings\Normunds>nslookup myspace.com
Non-authoritative answer:
Name: myspace.com
Addresses: 216.178.32.50, 216.178.32.51, 216.178.32.52, 216.178.32.137
216.178.32.48, 216.178.32.49
for example there are lot of MySpace.com IPs.. how to add them all in single Address List?
I tried use "," or ";" but doesn't work...
thanks
-
-
yudigadget
Frequent Visitor
- Posts: 60
- Joined:
i already add those IPs in my Address List
then i did:
ip firewall filter print
chain=forward dst-address-list=www.myspace.com action=drop
why i still can access that site?
ok,i tried ping those IP and got request time out...
but once again, why i still can access that site?
is this because i use web-proxy?
uhm..btw which one better? use protection from proxy or firewall?
thanks
then i did:
ip firewall filter print
chain=forward dst-address-list=www.myspace.com action=drop
why i still can access that site?
ok,i tried ping those IP and got request time out...
but once again, why i still can access that site?
is this because i use web-proxy?
uhm..btw which one better? use protection from proxy or firewall?
thanks
-
-
yudigadget
Frequent Visitor
- Posts: 60
- Joined:
yes i already do that... i already deny that site in my proxy list.
but for a site (http://www.anything.com), block the http://www.anything.com is not enough.. because client still can access it by type it's IP to browser
So, i need to add all IPs related to that site in proxy... and i already do that too.. but my proxy list getting big..
so,my question what do you think... do i need firewall filter or just proxy?
because i think in firewall filter, i only need to manage the address list
i just want to learning about creating better management of network configuration
CMIIW
but for a site (http://www.anything.com), block the http://www.anything.com is not enough.. because client still can access it by type it's IP to browser
So, i need to add all IPs related to that site in proxy... and i already do that too.. but my proxy list getting big..
so,my question what do you think... do i need firewall filter or just proxy?
because i think in firewall filter, i only need to manage the address list
i just want to learning about creating better management of network configuration
CMIIW
Do this rule in your web-proxy:
===================================
/ip web-proxy access add dst-port=80 url="http://www.google.com" action=deny
===================================
Work fine, almost in my machine.
Chao.
===================================
/ip web-proxy access add dst-port=80 url="http://www.google.com" action=deny
===================================
Work fine, almost in my machine.
Chao.
-
-
yudigadget
Frequent Visitor
- Posts: 60
- Joined:
Ok, so you want to block http://www.google.com, i believe if i were your client of your MikroTik router, i still can access http://www.google.com, i will type this 66.249.89.99 or 66.249.89.104 on browser address bar, then google will opened..Do this rule in your web-proxy:
===================================
/ip web-proxy access add dst-port=80 url="http://www.google.com" action=deny
===================================
Work fine, almost in my machine.
Chao.
i need to block all access to that site
CMIIW
Of course this has nothing to do with address lists, in the end.
To create a list, do this multiple times, in cli, and change relevant fields - address and comment. Or list, if you like.
If you want at all costs to block acces to a site, redirect all dns requests to a dns of your own, maybe the same machine the MT is on, and put a static ip address for example:
Even if ip lists should do it.
For lists, just remember to put ALL the ip's the site uses.
To create a list, do this multiple times, in cli, and change relevant fields - address and comment. Or list, if you like.
Code: Select all
/ip firewall filter add address=111.222.111.222 comment="Banned address" disabled=no list="banned_ips"Code: Select all
google.com 127.0.0.1For lists, just remember to put ALL the ip's the site uses.