
How to Block Facebook, YouTube and Other Sites, and Allow Only Specific Users, on MikroTik Routers




I posted earlier on how to block uTorrent users on your network. In this tutorial we are going to see more features of the MikroTik Firewall as a security tool.
We are going to use these features to block unwanted websites.

In every network there are times when you may be required to block a website such as Facebook, YouTube, pornographic sites and so on.
To do this task, all you are expected to do is create Firewall Rules that will drop any connection to these websites through your MikroTik Router.

Let me assume that right now you have this task to perform, so I am going to walk you through all the steps; just keep reading and please pay attention to each line.
You need to understand that the MikroTik Firewall blocks websites using Filter Rules that you create.


These rules can use the Chain value, Source Address, Destination Address, Protocol type, Source Port, Destination Port, Layer7 Protocol value, etc. as conditions to match.
For a rule to take effect, its Action part must also be set: drop to block a website, or accept to allow it.
If a connection matches the conditions of a Filter Rule whose action is drop, the MikroTik Firewall will drop that connection, so no user can access that website through the MikroTik Router.


The MikroTik Firewall can block a website not only by source address or destination address. It can also use a Layer7 Protocol to match the URL and then perform these operations.

For example, let us block Facebook and YouTube traffic on our MikroTik Router.

Before we start, we will create a Layer7 Protocol, since it is what will be used to filter the site by matching its keyword.
1. Log in to your MikroTik router with Winbox.
2. Click on IP > Firewall and then click on Layer7 Protocols.
3. Click on the PLUS SIGN (+) to create a new Layer7 Protocol. A new window will appear.
4. Put a meaningful name such as Facebook in the Name input box.
5. Now put (facebook.com). or any other site you want to block.
6. Click on Apply and OK.




Similarly, if you want to block YouTube, do steps 4, 5 and 6 but replace facebook.com with youtube.com, like (youtube.com). You can also put any keyword such as sex, porn, etc.
We have successfully created our Layer7 Protocols, which will be used in the Filter Rule to block unwanted sites.
The next thing we will do is create our Firewall Filter Rule.



We will start the configuration by clicking on the Filter Rules tab and then clicking on (+).
The New Firewall Rule window will now appear.

In the General tab, choose forward from the Chain dropdown menu.
Since we are blocking all users, we will leave both Src. Address and Dst. Address blank. If you want to block a specific user, type that user's IP address in the Src. Address input box; if you want to block an IP block, put that IP block in the Src. Address input box.





Click on the Protocol dropdown menu and choose 6(tcp).
Put port 80,443 in the Port input box. The values should be comma separated.
Click on the Advanced tab and then choose the Layer7 Protocol that you created before from the Layer7 Protocol dropdown menu.
After that, click on the Action tab and choose drop from the Action dropdown menu.
Click Apply and OK.

We have now successfully created a rule to block a website, and that is all you need to block users from accessing these websites.


Now, you must be aware that in many organizations not everyone will be denied access to websites such as Facebook, YouTube, etc.
In this second part I am going to show you how to allow some specific users to reach your blocked websites.

To do this, click on the Filter Rules tab and then click on (+) to create a new Filter Rule. The New Firewall Rule window will now appear.

In the General tab, choose forward from the Chain dropdown menu.
Put the IP address of the user who will be allowed to access the blocked website in the Address input box.
Click on the Protocol dropdown menu and choose 6(tcp).
Put port 80,443 in the Port input box.
Click on the Advanced tab and then choose the Layer7 Protocol that will be allowed for the user from the Layer7 Protocol dropdown menu.
Now click on the Action tab and choose accept from the Action dropdown menu.
Click Apply and OK.

Click, hold and drag the allow rule so that it sits above the drop rule. Otherwise, the allowed user's traffic will fall under the drop rule, and the user cannot access the desired website.
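Why the order of the two rules matters, shown as an added example that is not part of the original tutorial: a small Python model of top-to-bottom, first-match rule evaluation using the tutorial's Layer7 regexp. The user IP addresses and sample HTTP requests are constructed, and reading the Address and Port boxes as source address and destination port is an assumption.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    """One forward-chain filter rule, reduced to the fields the tutorial sets."""
    action: str                    # "accept" or "drop"
    l7_regexp: str                 # regexp of the chosen Layer7 Protocol entry
    src: Optional[str] = None      # source IP or CIDR block; None means any user
    ports: tuple = (80, 443)       # assumed to be the destination port
    protocol: str = "tcp"

    def matches(self, src_ip, protocol, dst_port, payload):
        if protocol != self.protocol or dst_port not in self.ports:
            return False
        if self.src and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src, strict=False):
            return False
        return re.search(self.l7_regexp, payload) is not None


def decide(rules, src_ip, protocol, dst_port, payload):
    """Rules are checked top to bottom; the first match decides. No match: accept."""
    for rule in rules:
        if rule.matches(src_ip, protocol, dst_port, payload):
            return rule.action
    return "accept"


FACEBOOK = r"(facebook.com)."      # regexp as written in the tutorial
ALLOW = Rule("accept", FACEBOOK, src="192.168.88.10")   # constructed allowed user
DROP = Rule("drop", FACEBOOK)

# Constructed start of a plain-HTTP connection, the data the regexp is run against.
REQ_FB = "GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"
REQ_OTHER = "GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"


def outcomes(rules):
    """Verdicts for the allowed user, another user, and a non-Facebook request."""
    return (decide(rules, "192.168.88.10", "tcp", 80, REQ_FB),
            decide(rules, "192.168.88.20", "tcp", 80, REQ_FB),
            decide(rules, "192.168.88.20", "tcp", 80, REQ_OTHER))


if __name__ == "__main__":
    print("accept above drop:", outcomes([ALLOW, DROP]))
    print("drop above accept:", outcomes([DROP, ALLOW]))
```

With the accept rule first, the allowed user gets through and everyone else is dropped; with the order reversed, the allowed user is dropped as well. The unescaped dot in the regexp matches any character, so the rule also matches a string such as facebookxcom.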


So this is how you go about blocking and allowing users' access to certain sites on your network when you are working with MikroTik routers.
