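# Drop HTTPS from the LAN (192.168.1.0/24) to the listed sites by matching the
# server name (SNI) in the TLS ClientHello. tls-host is a glob, so
# *facebook.com* also matches any longer name that merely contains that text.
# This is a best-effort control: the hostname cannot be matched when the
# ClientHello is split across several TCP segments or the name is encrypted,
# and tunnelled traffic is not inspected at all. Treat it as policy
# enforcement for cooperative clients, not as a hard boundary.
/ip firewall raw
add action=drop chain=prerouting dst-port=443 protocol=tcp src-address=192.168.1.0/24 tls-host=*googlevideo.com*
add action=drop chain=prerouting dst-port=443 protocol=tcp src-address=192.168.1.0/24 tls-host=*instagram.com*
add action=drop chain=prerouting dst-port=443 protocol=tcp src-address=192.168.1.0/24 tls-host=*facebook.com*
add action=drop chain=prerouting dst-port=443 protocol=tcp src-address=192.168.1.0/24 tls-host=*youtube.com*
# HTTP/3 (QUIC) runs over UDP/443 and is not covered by the TCP rules above, so
# all UDP/443 from the LAN is dropped to make browsers fall back to TCP. This
# affects QUIC to every destination, not only the sites listed above.
# NOTE(review): the source subnet is aligned with the TCP rules; with a
# different subnet here (the listing had 192.168.0.0/24) QUIC would stay open
# for exactly the clients the SNI rules target. If 192.168.0.0/24 is a second
# LAN, add the TLS rules for it as well.
add action=drop chain=prerouting dst-port=443 protocol=udp src-address=192.168.1.0/24 comment="Https over UDP"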
Note:
- Flush the DNS cache on your PC and on the MikroTik router so that the rules take effect.
Another way to block social media is to use Layer 7 protocol matching:
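# Named payload regexes for the Layer 7 matcher. On this page they are applied
# to UDP/53 traffic by the mangle rule, i.e. they are matched against DNS
# queries, not against the web traffic itself.
# - Do not "tidy" the unescaped dots: in a DNS packet the labels are separated
#   by length bytes rather than literal dots, and "." (any character) is what
#   lets "facebook.com" match on the wire.
# - Every group starts with a bare word (facebook, twitter, cgv, mivo, ...), so
#   the longer alternatives after it are redundant and any name containing that
#   word is matched. Expect over-blocking; review the short words in
#   "streaming" before deploying.
# - Lookups that never reach UDP/53 in clear text (encrypted DNS, a VPN) are
#   invisible to these patterns; pair this with a policy that keeps clients on
#   the resolver you control.
# - Layer 7 matching is expensive; keep the rule that uses it as narrow as
#   possible (port, protocol, source list).
/ip firewall layer7-protocol
add name=facebook regexp="^.+(facebook|facebook.com|m.facebook.com|graph.facebook.com|fbcdn.com).*\$"
add name=instagram regexp="^.+(instagram|instagram.com|m.instagram.com).*\$"
add name=linkedin regexp="^.+(linkedin|linkedin.com|m.linkedin.com).*\$"
add name=streaming regexp="^.+(21cineplex|21cineplex.com|amctheatres|amctheatres.com|cgv|cgv.id|cinema21|cinema21.com|filmxuexi|filmxuexi.com|grandxxi|grandxxi.tv|m.grandxxi.tv|hdfilmindir37|hdfilmindir37.com|iflix|iflix.com|indoxxi|indoxxi.bz|m.indoxxi.bz|layarindo21|layarindo21.pro|layarxxi21|layarxxi21.com|livestream|livestream.com|m.livestream.com|lk21online|lk21online.com|lk21tv|lk21tv.com|mivo|mivo.com|m.mivo.com|movieon21|movieon21.xyz|netflix|netflix.com|nontonindoxx1|nontonindoxx1.com|regmovies|regmovies.com|tvonline|tvonline.id|m.tvonline.id|vidio|vidio.com|m.vidio.com|xxicinema.net).*\$"
add name=twitter regexp="^.+(twitter|twitter.com|m.twitter.com).*\$"
# NOTE(review): "s.ytmig.com" looks like a typo for "s.ytimg.com"; the
# "ytimg.com" alternative already covers that name, so it is left as posted.
add name=youtube regexp="^.+(youtube|youtube.com|www.youtube.com|m.youtube.com|ytimg.com|s.ytmig.com|ytimg.l.google.com|youtube.l.google.com|i.google.com|googlevideo.com|youtu.be|metube.id).*\$"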
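# Tag DNS lookups for blocked names so the filter table can drop them.
# Rule 1 marks a not-yet-marked UDP/53 connection from the "local-network"
# address list whose payload matches the "facebook" Layer 7 regex.
# Rule 2 turns that connection mark into a packet mark; passthrough=no ends
# mangle processing for the packet, so a second identical mark-packet rule
# would never be reached and has been left out.
# NOTE(review): only the "facebook" matcher is wired up here; every other
# layer7-protocol entry needs its own mark-connection rule of the same shape
# before it has any effect.
# NOTE(review): the "local-network" address list is not defined on this page;
# create it under /ip firewall address-list or rule 1 matches nothing.
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-port=53 layer7-protocol=facebook new-connection-mark=SocialMedia passthrough=yes protocol=udp src-address-list=local-network
add action=mark-packet chain=prerouting connection-mark=SocialMedia new-packet-mark=SocialMedia passthrough=no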
# Enforcement step: discard forwarded packets that carry the SocialMedia mark.
# NOTE(review): the forward chain only sees traffic routed through the router.
# DNS queries addressed to the router's own resolver go through the input
# chain instead, so confirm which resolver the clients use before relying on
# this rule.
/ip firewall filter
add chain=forward packet-mark=SocialMedia action=drop comment=SocialMedia