1. Go to Hotspot User Profiles, create a new profile and call it staff. Set Rate Limit, then type staff in the Address List box and internal-filter in the Incoming Filter box. Don't forget to set Parent Queue and Queue Type on the Queue tab.
2. Open a new terminal and paste these commands into it.
/ip firewall layer7-protocol
add name=facebook regexp="^.+(facebook|facebook.com|m.facebook.com|graph.faceb\
ook.com|fbcdn.com).*\$"
add name=instagram regexp="^.+(instagram|instagram.com|m.instagram.com).*\$"
add name=linkedin regexp="^.+(linkedin|linkedin.com|m.linkedin.com).*\$"
add name=streaming regexp="^.+(21cineplex|21cineplex.com|amctheatres|amctheatr\
es.com|cgv|cgv.id|cinema21|cinema21.com|filmxuexi|filmxuexi.com|grandxxi|g\
randxxi.tv|m.grandxxi.tv|hdfilmindir37|hdfilmindir37.com|iflix|iflix.com|i\
ndoxxi|indoxxi.bz|m.indoxxi.bz|layarindo21|layarindo21.pro|layarxxi21|laya\
rxxi21.com|livestream|livestream.com|m.livestream.com|lk21online|lk21onlin\
e.com|lk21tv|lk21tv.com|mivo|mivo.com|m.mivo.com|movieon21|movieon21.xyz|n\
etflix|netflix.com|nontonindoxx1|nontonindoxx1.com|regmovies|regmovies.com\
|tvonline|tvonline.id|m.tvonline.id|vidio|vidio.com|m.vidio.com|xxicinema.\
net).*\$"
add name=twitter regexp="^.+(twitter|twitter.com|m.twitter.com).*\$"
add name=youtube regexp="^.+(youtube|youtube.com|www.youtube.com|m.youtube.com\
|ytimg.com|s.ytimg.com|ytimg.l.google.com|youtube.l.google.com|i.google.co\
m|googlevideo.com|youtu.be|metube.id).*\$"
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-port=53 layer7-protocol=youtube new-connection-mark=staff-prohibit passthrough=yes \
protocol=udp src-address-list=staff
add action=mark-packet chain=prerouting connection-mark=staff-prohibit new-packet-mark=staff-prohibit passthrough=no
/ip firewall filter
add action=drop chain=input comment=staff-prohibit packet-mark=staff-prohibit
add action=drop chain=forward comment=staff-prohibit packet-mark=staff-prohibit
add action=drop chain=internal-filter comment="prevent staffs communication with internal hotel system" dst-address=192.168.10.0/28 log=yes
add action=drop chain=internal-filter comment="prevent staffs communication with internal hotel system" dst-address=192.168.11.0/28 log=yes
add action=return chain=internal-filter
Note:
192.168.10.0/28 and 192.168.11.0/28 are the internal networks.
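Added example, not part of the original post: a Python check of how patterns shaped like the layer7-protocol entries above behave against the DNS queries on UDP port 53 that the mangle rule inspects, where names travel as length-prefixed labels rather than dotted text. Python's re only approximates the RouterOS L7 matcher, the pattern uses a subset of the youtube alternatives, and the helper names and sample hostnames are constructed for illustration.

```python
import re
import struct

def dns_query(name, qid=0x1234):
    """Build a minimal DNS A query (RFC 1035 wire format) for name."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def l7_pattern(alternatives, escape_dots=False):
    """Compile ^.+(a|b|...).*$, the shape of the page's layer7-protocol entries."""
    alts = [re.escape(a) if escape_dots else a for a in alternatives]
    # DOTALL so "." matches every byte; an approximation of the router's matcher.
    return re.compile(("^.+(" + "|".join(alts) + ").*$").encode("ascii"), re.DOTALL)

def matches(pattern, name):
    """True if the pattern matches the raw bytes of a DNS query for name."""
    return pattern.search(dns_query(name)) is not None

# Subset of the page's youtube alternatives (assumption: shortened for the example).
PAGE_STYLE = l7_pattern(["youtube", "youtube.com", "googlevideo.com", "youtu.be"])
DOTTED_ONLY = l7_pattern(["youtube.com"])
ESCAPED_DOT = l7_pattern(["youtube.com"], escape_dots=True)

# Constructed sample hostnames, not taken from the page.
SAMPLES = ["www.youtube.com", "notyoutube.example", "example.org"]

if __name__ == "__main__":
    print(dns_query("www.youtube.com"))  # shows \x03www\x07youtube\x03com, no dots
    for host in SAMPLES:
        print(f"{host:22} page-style match: {matches(PAGE_STYLE, host)}")
    print("unescaped 'youtube.com':", matches(DOTTED_ONLY, "youtube.com"))
    print("escaped 'youtube\\.com':", matches(ESCAPED_DOT, "youtube.com"))
```

The dotted alternatives match only because the unescaped "." also matches the label-length byte, and an escaped dot never matches since no literal dot is in the query. The bare keyword alternatives decide the outcome, and they also match unrelated names that merely contain the keyword, so staff lookups for such names are dropped as well.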