How to block Facebook during working time on MikroTik Router by using Layer 7


If you don't want your clients to access the Facebook website during working hours, follow these instructions:


*Note: 192.168.1.0/24 is my LAN address range.

1. Create Layer 7 protocol entries to match the Facebook website

 /ip firewall layer7-protocol
  add name=youtube7 regexp="^.+(youtube.com).*\$"
  add name=facebook7 regexp="^.+(facebook.com).*\$"



2. Create a filter rule and select the Layer 7 entry that we have created

/ip firewall filter
# layer7-protocol must match the entry name created in step 1 (facebook7)
add action=drop chain=forward comment="Block facebook" disabled=no \
    layer7-protocol=facebook7 protocol=tcp src-address=192.168.1.0/24


3. Create scripts to disable/enable the firewall rule

/system script
add name="Disable Block rule" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="ip fire\
    wall filter disable [/ip firewall filter find comment=\"Block facebook\"]\
    \r\r\
    \nip firewall filter disable [/ip firewall filter find comment=\"Block you\
    tube\"]"

add name="Enable Block rule" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="ip fire\
    wall filter enable [/ip firewall filter find comment=\"Block facebook\"]\r\
    \r\
    \nip firewall filter enable [/ip firewall filter find comment=\"Block yout\
    ube\"]"

4. Create scheduler entries to run the scripts (your working hours may be different, so please change the times)

/system scheduler
# disabled=no so that each entry actually runs once it is added
add disabled=no interval=1d name="Block Facebook 08:00" on-event=\
    "Enable Block rule" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    may/22/2014 start-time=08:00:00

add disabled=no interval=1d name="Allow Facebook 12:00" on-event=\
    "Disable Block rule" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    may/23/2014 start-time=11:00:00

add disabled=no interval=1d name="Block Facebook14:00" on-event=\
    "Enable Block rule" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    may/23/2014 start-time=13:30:00

add disabled=no interval=1d name="Allow Facebook 17:00" on-event=\
    "Disable Block rule" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    may/22/2014 start-time=16:30:00


5. Check that the date and time on your MikroTik router are correct. Good luck!
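
An offline check of what the step 1 pattern matches, as an added example (not from the original post): it approximates the RouterOS matcher with Python's `re` over the first 2 KB of constructed payloads. `STRICT_PATTERN`, the sample payloads and the function names are assumptions, and the RouterOS regex engine may differ in details.

```python
import re

# Step 1 pattern; the RouterOS export escape "\$" is a plain "$" here.
PAGE_PATTERN = rb"^.+(facebook.com).*$"
# Assumed tighter variant (not from the page): the dot is escaped.
STRICT_PATTERN = rb"^.+(facebook\.com).*$"

WINDOW = 2048  # RouterOS L7 inspects the first 10 packets or 2 KB of a connection


def l7_match(pattern: bytes, payload: bytes) -> bool:
    """Approximate an L7 match with Python's re over the inspected window."""
    return re.search(pattern, payload[:WINDOW], re.DOTALL) is not None


# Constructed sample payloads (not captured traffic).
SNI = b"\x00\x00\x00\x15\x00\x13\x00\x00\x10www.facebook.com"  # server_name extension
SAMPLES = {
    "http_host": b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n",
    # Start of a TLS ClientHello record, filler bytes, then the plaintext SNI.
    "tls_sni": b"\x16\x03\x01\x02\x00\x01" + b"\x11" * 40 + SNI,
    # Unrelated site whose URL merely mentions the domain.
    "other_site_link": b"GET /go?u=http://facebook.com/x HTTP/1.1\r\nHost: example.org\r\n\r\n",
    # Unrelated host name that only matches because "." means "any character".
    "dot_wildcard": b"GET / HTTP/1.1\r\nHost: facebook-com.example.org\r\n\r\n",
    "unrelated": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
}


def evaluate(samples=SAMPLES):
    """Return {sample name: (page pattern hit, strict pattern hit)}."""
    return {
        name: (l7_match(PAGE_PATTERN, data), l7_match(STRICT_PATTERN, data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (page_hit, strict_hit) in evaluate().items():
        print(f"{name:16} page={page_hit!s:5} strict={strict_hit}")
```

The `other_site_link` and `dot_wildcard` rows show over-blocking: connections to other hosts are dropped when their first bytes merely contain the string, and escaping the dot removes only the second case.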

