MikroTik Block Website (Facebook, YouTube and Other Sites)

MikroTik Firewall is a powerful security tool that can be used to block unwanted websites. As a network administrator, you may sometimes be required to block websites such as Facebook, YouTube, pornographic sites and so on. To block these types of website, you just need to create Firewall Rules that drop any connection to them through your MikroTik Router. Basic MikroTik Firewall concepts, such as what MikroTik Firewall is, what a MikroTik Firewall Rule is and how to implement a MikroTik Firewall Rule, were discussed in my previous article. If you feel that you need those basics, feel free to spend time studying that article. In this article, I am only going to show how to block unwanted websites using MikroTik Firewall Rules.

How MikroTik Firewall Block Websites

MikroTik Firewall blocks a website using a Filter Rule. A MikroTik Filter Rule has two parts.

  • Conditional part, which takes various conditional properties such as Chain value, Source Address, Destination Address, Protocol type, Source Port, Destination Port, Layer7 Protocol value etc. to match conditions.
  • Action part, which takes only the drop action to block a website.

If the conditional part of a Filter Rule is matched, MikroTik Firewall will drop that connection, so no user can access that website through the MikroTik Router.

Why Layer7 Protocol

MikroTik Firewall is capable of blocking a website not only by source address or destination address but also by Layer7 Protocol. Layer7 Protocol uses Perl Regex (Regular Expression) to match any keyword in URL. If a match occurs, the action is taken by the Filter Rule that uses this Layer7 Protocol. As we want to block websites by keyword, such as Facebook, YouTube etc., we will create a Layer7 Protocol with Regex and then use this Layer7 Protocol in our Filter Rule.

Block Facebook, YouTube with MikroTik Filter Rule

Now we will create a Filter Rule that will block websites like Facebook, YouTube or any other website that you want. The complete process of creating a Filter Rule can be divided into two steps.

Step 1: Create Layer7 Protocol

Before creating the Filter Rule, we need to create a Layer7 Protocol with Regex, because this Layer7 Protocol will be used by the Filter Rule to match any keyword in URL. The following process shows how to create a Layer7 Protocol with Regex.

  1. Open winbox and log in with your login credentials.
  2. Go to IP > Firewall and then click on Layer7 Protocols.
  3. Click on PLUS SIGN (+) to create a new Layer7 Protocol with Regex. New Firewall L7 Protocol window will appear.
  4. Put a meaningful name such as Facebook in the Name input box.
  5. Now put the Regex ^.+(facebook.com).*$ in the Regexp textarea input field if you want to block Facebook. If you are interested in learning Perl Regex, you will find it here.
  6. Now click Apply and OK.
  7. Similarly, if you want to block YouTube, do steps 4, 5 and 6 but replace facebook.com with youtube.com, as in ^.+(youtube.com).*$. You can put any keyword such as sex, porn etc. that you want to block within the parentheses in this Regex.
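
The pattern from step 5 can be checked against sample traffic before it goes on the router. The following is an added example, not part of the original article: Python's re module stands in for the router's matcher (the DOTALL and IGNORECASE flags are assumptions about how it treats payload data), the 2 KB window follows MikroTik's documented behaviour of inspecting only the start of a connection, and all host names and payloads are constructed.

```python
import re
import struct

# Pattern exactly as given in step 5, plus a variant with the dot escaped.
PAGE_PATTERN = rb"^.+(facebook.com).*$"
ESCAPED_PATTERN = rb"^.+(facebook\.com).*$"

# Assumption: DOTALL + IGNORECASE approximate the router's handling of a
# multi-line payload; Python's `re` is only a stand-in for its matcher.
FLAGS = re.DOTALL | re.IGNORECASE
WINDOW = 2048  # the L7 matcher looks at roughly the first 2 KB of a connection

def l7_match(pattern: bytes, payload: bytes) -> bool:
    """Return True if the pattern matches the inspected start of the payload."""
    return re.search(pattern, payload[:WINDOW], FLAGS) is not None

def http_request(host: str, path: str = "/") -> bytes:
    """Constructed plaintext HTTP request, as seen on port 80."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()

def client_hello_fragment(server_name: str) -> bytes:
    """Constructed, simplified piece of a TLS ClientHello (port 443):
    filler bytes followed by a server_name extension carrying the host name."""
    name = server_name.encode()
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    return b"\x16\x03\x01" + bytes(40) + ext

# Constructed samples: two connections that should be blocked, three that should not.
SAMPLES = {
    "http to facebook": http_request("www.facebook.com"),
    "tls to facebook": client_hello_fragment("www.facebook.com"),
    "other host, dot wildcard": http_request("facebook-com.example"),
    "other host, keyword in path": http_request("news.example", "/share?u=facebook.com/page"),
    "other host": http_request("intranet.example"),
}

def evaluate(pattern: bytes) -> dict:
    """Map each sample name to whether a drop rule using the pattern would fire."""
    return {name: l7_match(pattern, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for label, pat in (("page", PAGE_PATTERN), ("escaped", ESCAPED_PATTERN)):
        print(label, evaluate(pat))
```

The unescaped dot in the page's pattern matches any character, so facebook-com.example is dropped as well; escaping it removes that false positive, but both variants still drop a request to another site whose path merely contains the keyword.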

We have created our Layer7 Protocols which will be used in Filter Rule to block our desired sites. Now we will create our Firewall Filter Rule.

Step 2: Create Filter Rule to Block Website

After creating the Layer7 Protocol, we will now create a Filter Rule that will block our desired website. The following steps show how to create a Filter Rule to block any website.

  1. Now click on Filter Rules tab and then click on PLUS SIGN (+) to create a new Filter Rule. New Firewall Rule window will appear now.
  2. In General tab, choose forward from Chain dropdown menu.
  3. We are leaving both Src. Address and Dst. Address untouched because we want to block all users. If you want to block a specific user, put his/her IP address in the Src. Address input box; if you want to block an IP block, put that IP block in the Src. Address input box.
  4. Click on Protocol dropdown menu and choose 6(tcp)
  5. Put port 80,443 in Port input box. The values should be comma-separated.
  6. Click on Advanced tab and then choose your Layer7 Protocol that you created before from Layer7 Protocol dropdown menu.
  7. Now click on Action tab and choose drop from Action dropdown menu.
  8. Click Apply and OK
  9. Do step 1 to 8 if you need to create another Filter Rule for any other website.

The Filter Rule to block the website has now been created. The above rule will block all users from accessing our desired website. But sometimes a specific user may need access to this website. In this case, you have to create another Filter Rule in which the user's IP address is provided as the source address and the Filter action is accept.

How to Allow a Specific User to a Blocked Website

The Filter Rule that we created above will block all users in your LAN. But sometimes you may have some specific users who need to access a blocked website such as Facebook, YouTube etc. The following steps show how to give a specific user access to a blocked website.

  1. Click on Filter Rules tab and then click on PLUS SIGN (+) to create a new Filter Rule. New Firewall Rule window will appear now.
  2. In General tab, choose forward from Chain dropdown menu.
  3. Put the IP address of the user who will be allowed to access the blocked website in the Src. Address input box.
  4. Click on Protocol dropdown menu and choose 6(tcp)
  5. Put port 80,443 in Port input box.
  6. Click on Advanced tab and then choose your Layer7 Protocol which will be allowed for the user from Layer7 Protocol dropdown menu.
  7. Now click on Action tab and choose accept from Action dropdown menu.
  8. Click Apply and OK
  9. Do step 1 to 8 if you want to allow another user.

Note: You must place the allow rule before the drop rule. Otherwise, the allowed user's traffic will be matched by the drop rule first, and he/she will not be able to access the desired website.

How to block websites (Facebook, YouTube etc.) with a MikroTik Firewall Rule and Layer7 Protocol has been discussed in this article. I hope you are now able to block any website, or give any user access to a blocked website, easily. However, if you face any problem blocking a website, feel free to discuss it in the comments or contact me from the Contact page. I will try my best to stay with you.

ABOUT ME

I, Md. Abu Sayeed, am a system administrator. I like to share knowledge that I am learning from my daily experience. As a system administrator, I like to play with computer networking, Redhat Linux , Windows server, physical server and storage, virtual technology and other system related topics. I hope, my daily experiences that I am sharing in this website will be beneficial for you. So, if this article is helpful for you, don’t forget to give a positive feedback by sharing on your favorite social media or liking our Facebook Page. You can also keep subscribed to our website for getting email notification of new post by providing your name and email address in Subscription Page.   
