Saturday, November 5, 2011

Mikrotik : How to Block Facebook - Youtube and Other sites using L7 (Layer7)

Below i will show you how to block facebook and youtube sites using Mikrotik L7 Protocols (Layer 7). here i use RouterBoardOS RB1100.

you have to create new Regexp rule at Layer7 Protocols by Press , and name it as "DENIED" (withoue quote), see details below:

You can Copy & Paste the code above at below:

Now create Filter Rules, as follow:
At General Tabs for Chain, Please Choose : Foward

At Advanced tabs, select 'DENIED' (rule that you have create at step 1) for Layer7 Protocols

Choose Action 'DROP' 
And At last, your Filter rule to block facebook and youtube should have effected to your network.
try to access facebook & youtube, and you will see that the two sites will not able to access.

this can be see from the filter rule you have created, it will catch the bytes for denied sites in your network.


GogoMKD said...

That blocks other pages too, who are not facebook. can you give some advice?

Unknown said...

Hi Atom, I have a huge question :) I use this configuration but now I have to give acces to some users on my lan, I tried New Firewall Rule-> Src Addres (IP Address user) ->Advanced->Layer7-> Facebook (this is my firewall layer 7 name for facebook ) -> Action->Accept, But doesn´t work, could you please give some advice, Thanks

Unknown said...

Hi, put first ur line to accept the facebook, and u can do it better if u use mangle rules.

Paco MacSwiney said...


Ive used this rule but for some reason it does not works in Firefox do you have an idea of why this could be happening?


Unknown said...

You can use this system for Facebook block :

Unknown said...

Hi Atom,
Presently my configuration is as follows: Internet>>16port Switch>>Gateway>>Mikrotik>>NetEqualizer2000>> 24port managed switch>>Squid>>CLoud but i am currently experiencing alot of failures on my squid when i try to monitor traffic using the "Tail" commmand.My squid is running on Suse12.x. It works well if i make the squid to be non-transparent it works well but once i make it to be transparent it works for a while then slows to a halt. why i want to use the non-transparent is that i cant go round all my users as they are quite alot!
i was wondering if you can help me out here as i am at my wits end. i inputd into the mikrotik the following command via CLI in order to make it work but still; add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses= to-ports=3128

I will appreciate it if you can help me out.

Unknown said...

Education without values, as useful as it is, seems rather to make man a more clever devil. See the link below for more info.


Unknown said...

Well this is really a informative post and I am glad to read such a great post. I came to your site by mistake but from now I am going to read all of your posts. Great article thanks.


Unknown said...

Love it! Very interesting topics, I hope the incoming comments and suggestion are equally positive. Thank you for sharing this information that is actually helpful.

Amit said...

Hi I tried Layer 7 blocking , followed all steps which was mentioned above but still I am able to access facebook and youtube. I am using Microtik RB951Ui - 2HnD

Unknown said...

i agree with Amit, same things i do but not getting proper output.

Unknown said...

I really enjoyed reading your article. I found this as an informative and interesting post, so i think it is very useful and knowledgeable. I would like to thank you for the effort you have made in writing this article.

joshdriod said...

yes, I have read your post and I must commend your writing skills and your take on this matter, it goes a long way and has made me really understand this topic, this is really nice. but get more details on how to block a facebook friend easily.

Post a Comment