Block Porn Sites and Facebook With Mikrotik


The challenge for an office admin is to block sites that have nothing to do with work, i.e. porn sites and social networking sites, which disturb performance. We were asked to block porn sites and Facebook during office hours. I immediately thought of using MikroTik, since it is that simple.

I might as well share this MikroTik tutorial here. I am not starting the steps from scratch, because installing MikroTik and setting it up as a gateway, as well as a transparent proxy, can be found here.

The assumption is that MikroTik is already running and is also used as a web proxy. The steps are as follows:

• Block Facebook, porn sites, YouTube and sites whose addresses contain those words. Enter the following script in the terminal of the proxy:
/ip web-proxy access
add dst-port=80 url="facebook.com" action=deny comment="satu" disabled=no
add dst-port=80 url="*.facebook.com" action=deny comment="dua" disabled=no
add dst-port=80 url="*porn*.com" action=deny comment="tiga" disabled=no
add dst-port=80 url="*sex*.com" action=deny comment="empat" disabled=no
add dst-port=80 url="*tube*.com" action=deny comment="lima" disabled=no
add dst-port=80 url="*porn*" action=deny comment="enam" disabled=no
add dst-port=80 url="*sex*" action=deny comment="tujuh" disabled=no

• Create the script and scheduler that switch the block rules off after working hours (working hours are 08.00 - 15.00).
# jam-allow disables the seven deny rules, which it finds by their comments
/ system script
add name=jam-allow policy=ftp,reboot,read,write,policy,test,winbox,password source={
/ip web-proxy access set [/ip web-proxy access find comment=satu] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=dua] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=tiga] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=empat] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=lima] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=enam] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=tujuh] disabled=yes}
/ system scheduler
add name="schedule-jam-allow" on-event=jam-allow start-date=jan/01/1970 start-time=16:00:00 interval=1d comment="" disabled=no

• Create the script and scheduler that switch the block rules back on (they are off during the hours 15:00 to 08:00).
# jam-deny re-enables the seven deny rules, which it finds by their comments
/ system script
add name=jam-deny policy=ftp,reboot,read,write,policy,test,winbox,password source={
/ip web-proxy access set [/ip web-proxy access find comment=satu] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=dua] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=tiga] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=empat] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=lima] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=enam] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=tujuh] disabled=no}
/ system scheduler
add name="schedule-jam-deny" on-event=jam-deny start-date=jan/01/1970 start-time=08:00:00 interval=1d comment="" disabled=no

That is a small trick for blocking porn sites and Facebook using MikroTik. I hope it helps to reduce access to porn sites and the wasting of work time.
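A way to audit the seven url= patterns above before they go live, as an added example that is not part of the original post: it parses the rule lines and reports which rule would deny each destination. It assumes url= is a case-insensitive, whole-string wildcard match tested against the requested host (approximated here with Python's fnmatch), and the sample hosts are constructed.

```python
import fnmatch
import shlex

# The seven rules from the tutorial, copied as written.
RULES_TEXT = '''
add dst-port=80 url="facebook.com" action=deny comment="satu" disabled=no
add dst-port=80 url="*.facebook.com" action=deny comment="dua" disabled=no
add dst-port=80 url="*porn*.com" action=deny comment="tiga" disabled=no
add dst-port=80 url="*sex*.com" action=deny comment="empat" disabled=no
add dst-port=80 url="*tube*.com" action=deny comment="lima" disabled=no
add dst-port=80 url="*porn*" action=deny comment="enam" disabled=no
add dst-port=80 url="*sex*" action=deny comment="tujuh" disabled=no
'''

def parse_rules(text=RULES_TEXT):
    """Turn each 'add key=value ...' line into a dict, keeping rule order."""
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)  # also strips the double quotes
        if tokens and tokens[0] == "add":
            rules.append(dict(tok.split("=", 1) for tok in tokens[1:]))
    return rules

def first_match(rules, host, port=80):
    """Return the comment of the first enabled rule that matches, else None."""
    # Assumption: url= is a case-insensitive whole-string wildcard match on
    # the requested host; confirm this on the RouterOS version in use.
    for rule in rules:
        if rule["disabled"] == "yes" or int(rule["dst-port"]) != port:
            continue  # switched off by the scheduler, or a different port
        if fnmatch.fnmatchcase(host.lower(), rule["url"].lower()):
            return rule["comment"]
    return None

# Constructed sample destinations (not from a real log); port 443 is
# included to show what the dst-port=80 condition leaves unevaluated.
SAMPLES = [
    ("facebook.com", 80), ("www.facebook.com", 80), ("www.facebook.com", 443),
    ("middlesex-council.example.com", 80), ("essex-parts.example.org", 80),
    ("tube-fittings.example.com", 80), ("intranet.example.com", 80),
]

def audit(samples=SAMPLES):
    """Map every (host, port) sample to the rule that would deny it."""
    rules = parse_rules()
    return {(h, p): first_match(rules, h, p) for h, p in samples}

if __name__ == "__main__":
    print(*(f"{d} -> {r or 'allowed'}" for d, r in audit().items()), sep="\n")
```

Hosts reported under empat, lima or tujuh are unrelated sites caught by the substring patterns, so those patterns are the ones to narrow before enabling the rules.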

Limiting YouTube on MikroTik

From: http://www.facebook.com/home.php#!/notes/heru-van-danoe/melimit-youtube-di-mt/191341640898286?notif_t=note_reply

Step 1
We add a rule to the firewall that picks up the IP addresses of the download servers and enters them into an address list:

/ip firewall filter add chain=forward \
    src-address=192.168.5.0/24 protocol=tcp content=.flv \
    action=add-dst-to-address-list address-list=downloads \
    address-list-timeout=01:00:00

The rule above captures all traffic with the content .flv that originates from the LAN IP block and puts the destination address into the address list "downloads" for 1 hour.
The variables above can be changed according to your own topology and needs.

Step 2
We add a mangle rule to mark packets originating from the address list that we built in Step 1:
/ip firewall mangle add chain=forward protocol=tcp src-address-list=downloads \
    action=mark-packet new-packet-mark=download-paket

The mangle rule is needed to label the packets so that the simple queue can capture traffic from an IP that has been found on the address list "downloads".

Step 3
As the last step, we add a simple queue for the packets that carry the mark we set in Step 2:

/queue simple add name=download-files \
    max-limit=64000/64000 packet-marks=download-paket

Put the queue at the top so that it is read first by MikroTik.

That's it.

We have managed to allocate bandwidth to the file download traffic we want to limit while keeping browsing smooth, although browsing to a server that is already in the address list will be slow because it falls under the limit.

How to Block Facebook with Mikrotik

To block Facebook with MikroTik, please follow my tutorial.

1. Log in via Winbox

2. Create filter rules as below:

/ip firewall filter add chain=forward content="facebook.com" action=drop comment="Drop Facebook"
/ip firewall filter add chain=forward content="www.facebook.com" action=drop comment="Drop Facebook"
/ip firewall filter add chain=forward content="apps.facebook.com" action=drop comment="Drop Facebook"
/ip firewall filter add chain=forward content="facebook" action=drop comment="Drop Facebook"
/ip firewall filter add chain=forward content="facebook.*" action=drop comment="Drop Facebook"

[Screenshot: the rules entered via terminal]

[Screenshot: the resulting filter rules]

That concludes my tutorial.
Thanks.