Saturday, November 5, 2011

Mikrotik : How to Block Facebook - Youtube and Other sites using L7 (Layer7)

Below i will show you how to block facebook and youtube sites using Mikrotik L7 Protocols (Layer 7). here i use RouterBoardOS RB1100.

STEP 1:
you have to create new Regexp rule at Layer7 Protocols by Press , and name it as "DENIED" (withoue quote), see details below:

You can Copy & Paste the code above at below:
^.+(facebook.com|youtube).*$

STEP 2:
Now create Filter Rules, as follow:
At General Tabs for Chain, Please Choose : Foward

At Advanced tabs, select 'DENIED' (rule that you have create at step 1) for Layer7 Protocols

Choose Action 'DROP' 
And At last, your Filter rule to block facebook and youtube should have effected to your network.
try to access facebook & youtube, and you will see that the two sites will not able to access.

this can be see from the filter rule you have created, it will catch the bytes for denied sites in your network.


8 comments:

GogoMKD said...

That blocks other pages too, who are not facebook. can you give some advice?

Unknown said...

Hi Atom, I have a huge question :) I use this configuration but now I have to give acces to some users on my lan, I tried New Firewall Rule-> Src Addres (IP Address user) ->Advanced->Layer7-> Facebook (this is my firewall layer 7 name for facebook ) -> Action->Accept, But doesn´t work, could you please give some advice, Thanks

Unknown said...

Hi, put first ur line to accept the facebook, and u can do it better if u use mangle rules.

Paco MacSwiney said...

Hello:

Ive used this rule but for some reason it does not works in Firefox do you have an idea of why this could be happening?

Regards!

Real Online Earning said...

You can use this system for Facebook block :

http://rbgeek.wordpress.com/2012/05/29/how-to-block-facebook-in-mikrotik-using-l7-protocols-layer-7/?contact-form-id=1222&contact-form-sent=9290&_wpnonce=b0cec7d90a#contact-form-1222

Unknown said...

Hi Atom,
Presently my configuration is as follows: Internet>>16port Switch>>Gateway>>Mikrotik>>NetEqualizer2000>> 24port managed switch>>Squid>>CLoud but i am currently experiencing alot of failures on my squid when i try to monitor traffic using the "Tail" commmand.My squid is running on Suse12.x. It works well if i make the squid to be non-transparent it works well but once i make it to be transparent it works for a while then slows to a halt. why i want to use the non-transparent is that i cant go round all my users as they are quite alot!
i was wondering if you can help me out here as i am at my wits end. i inputd into the mikrotik the following command via CLI in order to make it work but still; add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=10.5.50.5 to-ports=3128

I will appreciate it if you can help me out.
Thanks.

Amit said...

Hi I tried Layer 7 blocking , followed all steps which was mentioned above but still I am able to access facebook and youtube. I am using Microtik RB951Ui - 2HnD

Unknown said...

i agree with Amit, same things i do but not getting proper output.

Post a Comment