search

Blok youtube dan facebook address list

1 years ago
Komentar: 0
Dibaca: 132

Blok youtube dan facebook address list

Show

Last Updated: 20-DEC-2016

Update: The script for youtube also adding translate.google.com in the list too. workaround is to either edit the script, or make an ACCEPT rule before the deny rule, which should accept traffic going to translate.google.com ip addresses. 

Recently I was working at a remote network where we configured hotspot for school students and the management wanted to block access to Facebook / Youtube & adult web sites.

Blocking adult websites was easy by redirecting DNS requests to OPENDNS but blocking facebook was a bit tricky because some people from the management wanted to have its access open for specific users. I preferred to have a address-list with the FB/YT server’s ip addresses using automated script.This way I have more control for these destinations for multi purpose.

Create two scripts which will pick facebook/youtube related dns entries from the Mikrotik DNS cache and add it in “facebook/youtube” address lists.

SCRIPT :

The below script(s) (which can be scheduled to run after every 5 or X minutes) will create a address list which will contain facebook/youtube server ips and later a filter rule will block request going to these destinations (using address list). To create this address list, it is required that your users must be using your mikrotik DNS as their primary dns , or make a dst-nat rule that forcefully route user dns (udp 53) requests to local mikrotik dns.

FOR FACEBOOK ~

# Script to add target web sites DNS IP addresses into address list
# Tested with Mikrotik 6.3x
# Syed Jahanzaib / 
# List name
:local LISTNAME "facebook"

# Web site names which will be added in address list
:local TARGET1 "facebook.com"
:local TARGET2 "fbcd.net"

# 1st time runner, check if address list is not created previously and add entries in it for 1st time usage
:if ( [/ip firewall address-list find where list=$LISTNAME] = "") do={
:log warning "No address list for $TARGET1 and $TARGET2 found ! creating and adding resolved entry for 1st time usage ... zaib"

:resolve $TARGET1
:resolve $TARGET2

/ip firewall address-list add list=$LISTNAME
} else={
:log warning "Previous List for $LISTNAME found ! moving forward and checking if DNS entries can be added in it ..."
}

# Check DNS entries and collect matching names
:foreach i in=[/ip dns cache all find where (name~"$TARGET1" || name~"$TARGET2") && (type="A") ] do={

# Get IP Address from the names and hold it in temporary buffer
:local Buffer [/ip dns cache get $i address];
delay delay-time=10ms

# Check if entry is already not exists, then OK, otherwise ignore duplication
:if ( [/ip firewall address-list find where address=$Buffer] = "") do={ 

# Fetch DNS names for the entries
:local sitednsname [/ip dns cache get $i name] ;

# Print name in LOG window
:log info ("added entry: $sitednsname $Buffer");

# Add IP addresses and there names to the address list
/ip firewall address-list add address=$Buffer list=$LISTNAME comment=$sitednsname;
}
}

FOR YOUTUBE ~ 

# Script to add target web sites DNS IP addresses into address list
# Tested with Mikrotik 6.3x
# Syed Jahanzaib / 
# List name
:local LISTNAME "youtube"

# Web site names which will be added in address list
:local TARGET1 "youtube.com"
:local TARGET2 "googlevideo.com"

# 1st time runner, check if address list is not created previously and add entries in it for 1st time usage
:if ( [/ip firewall address-list find where list=$LISTNAME] = "") do={
:log warning "No address list for $TARGET1 and $TARGET2 found ! creating and adding resolved entry for 1st time usage ... zaib"

:resolve $TARGET1
:resolve $TARGET2

/ip firewall address-list add list=$LISTNAME
} else={
:log warning "Previous List for $LISTNAME found ! moving forward and checking if DNS entries can be added in it ..."
}

# Check DNS entries and collect matching names
:foreach i in=[/ip dns cache all find where (name~"$TARGET1" || name~"$TARGET2") && (type="A") ] do={

# Get IP Address from the names and hold it in temporary buffer
:local Buffer [/ip dns cache get $i address];
delay delay-time=10ms

# Check if entry is already not exists, then OK, otherwise ignore duplication
:if ( [/ip firewall address-list find where address=$Buffer] = "") do={ 

# Fetch DNS names for the entries
:local sitednsname [/ip dns cache get $i name] ;

# Print name in LOG window
:log info ("added entry: $sitednsname $Buffer");

# Add IP addresses and there names to the address list
/ip firewall address-list add address=$Buffer list=$LISTNAME comment=$sitednsname;
}
}

SCHEDULER:

Schedule the script to run after every 5 minutes.

/system scheduler
add disabled=no interval=5m name=facebook-script-run-schedule on-event=facebook policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=00:00:00
add disabled=no interval=5m name=youtube-script-run-schedule on-event=youtube policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=00:00:00

FILTER RULE:

Now create a FIREWALL FILTER rule which will actually DROP the request (in FORWARD CHAIN) going to facebook OR youtube address list.

[Make sure to move this rule on TOP , or before any general accept rule in Filter section)

/ip firewall filter
add action=drop chain=forward comment=Filter Rule to block FB address LIST : ) disabled=no dst-address-list=facebook
add action=drop chain=forward comment=Filter Rule to block YOUTUBE address LIST : ) disabled=no dst-address-list=youtube

[/sourcecode]

Now try to access the facebook, it may be open as usual, but as soon as the script will run, a address list will be created with the FB ip address list, & its access will be blocked.
As showed in the image below …

Blok youtube dan facebook address list

Blok youtube dan facebook address list

TIP#1

TIME BASE FILTER RULE

You can also use this technique to block FB in some specific timings only. For example you want to block access to FB from 9am to 10:am then use the following filter rule.

/ip firewall filter
add action=drop chain=forward comment=Filter Rule to block FB address LIST : ) disabled=no dst-address-list=facebook time=9h-10h,sun,mon,tue,wed,thu,fri,sat

TIP#2

Force / Redirect users to use your DNS

/ip firewall nat
add action=redirect chain=dstnat comment="FORCE DNS TO LOCAL MIKROTIK DNS SERVER" dst-port=53 protocol=udp to-ports=53

TIP#3

Create Windows Update List using Scheduled Script (run every 5 minutes and fetch servers list from local dns cache)

Note: Make sure your users are using mikrotik as there primary dns server

# Script to add target web sites DNS IP addresses into address list
# Tested with Mikrotik 6.4x
# Syed Jahanzaib / 
# List name
:local LISTNAME "windowsupdateslist"
# Web site names which will be added in address list
:local TARGET1 "update.microsoft.com"
:local TARGET2 "download.windowsupdate.com"
:local TARGET3 "download.microsoft.com"
:local TARGET4 "windowsupdate.com"
:local TARGET5 "ntservicepack.microsoft.com"
:local TARGET6 "wustat.windows.com"
:local TARGET7 "stats.microsoft.com"
:local TARGET8 "mp.microsoft.com"
:local TARGET9 "ws.microsoft.com"
:local TARGET10 "sls.update.microsoft.com.akadns.net"
:local TARGET11 "vortex.data.microsoft.com"
:local TARGET12 "vortex-win.data.microsoft.com"
:local TARGET13 "fe2.update.microsoft.com.akadns.net"
:local TARGET14 "statsfe2.update.microsoft.com.akadns.net"

# 1st time runner, check if address list is not created previously and add entries in it for 1st time usage
:if ( [/ip firewall address-list find where list=$LISTNAME] = "") do={
:log warning "No address list for $TARGET1 found ! creating and adding resolved entry for 1st time usage ... zaib"

:resolve $TARGET1

/ip firewall address-list add list=$LISTNAME
} else={
:log warning "Previous List for $LISTNAME found ! moving forward and checking if DNS entries can be added in it ..."
}

# Check DNS entries and collect matching names
:foreach i in=[/ip dns cache all find where (name~"$TARGET1" || name~"$TARGET2" || name~"$TARGET3" || name~"$TARGET4" || name~"$TARGET5" || name~"$TARGET6" || name~"$TARGET7" || name~"$TARGET8" || name~"$TARGET9" || name~"$TARGET10" || name~"$TARGET11" || name~"$TARGET12" || name~"$TARGET13" || name~"$TARGET14") && (type="A") ] do={

# Get IP Address from the names and hold it in temporary buffer
:local Buffer [/ip dns cache get $i address];
delay delay-time=10ms

# Check if entry is already not exists, then OK, otherwise ignore duplication
:if ( [/ip firewall address-list find where address=$Buffer] = "") do={

# Fetch DNS names for the entries
:local sitednsname [/ip dns cache get $i name] ;

# Print name in LOG window
:log info ("added entry: $sitednsname $Buffer");

# Add IP addresses and there names to the address list
/ip firewall address-list add address=$Buffer list=$LISTNAME comment=$sitednsname;
}
}

Schedule above script in scheduler to run every few minutes. Then you can use this list to perform various functions like block them, or queue them by marking pkts. ZAIB

If this method helped you, please do let me know. your comments, tips for improvements etc are most welcome.

Regard’s
Syed Jahanzaib

Teknologi Facebook Netvn

Pos Terkait

Cara membuat link whatsapp di postingan facebook
Cara membuat link whatsapp di postingan facebook

Cara membuat auto komen facebook dengan cpanel
Cara membuat auto komen facebook dengan cpanel

Cara mengambil video di cerita facebook
Cara mengambil video di cerita facebook

Cara mengubah bahasa di facebook menjadi bahasa indonesia
Cara mengubah bahasa di facebook menjadi bahasa indonesia

Jasa pembuat aplikasi android jakarta
Jasa pembuat aplikasi android jakarta

Cara hapus permanen halaman facebook
Cara hapus permanen halaman facebook

Cara membuat email pemulihan facebook
Cara membuat email pemulihan facebook

Aplikasi facebook lite free gratis
Aplikasi facebook lite free gratis

Cara memblokir fb sendiri secara permanen di facebook lite
Cara memblokir fb sendiri secara permanen di facebook lite

Cara mengupload video ke channel youtube
Cara mengupload video ke channel youtube

Periklanan

BERITA TERKINI

Cara membuat kotak ajaib dengan python
1 years ago . by VerticalAnkle
Cara menggunakan perintah php-fpm
1 years ago . by HelmetedCloseness
Cara membuat tas dari kain satin
1 years ago . by HomesickClerk
Tarik data dari kamus python bersarang
1 years ago . by SpecializedRegulator
Sesi php berakhir terlalu cepat
1 years ago . by ArrestingPneumonia
Cara menghapus aplikasi yang tidak bisa dihapus di HP Realme
1 years ago . by TemptingHousing
Cara mengecek rumus di google sheets
1 years ago . by SaturatedAppraisal
How to install PHP GD in xampp?
1 years ago . by BorrowedFoyer
Concat string dalam loop php
1 years ago . by CardboardAllegation
Di mana prosedur tersimpan di mysql?
1 years ago . by CounterproductiveLiterature

Toplist Popular

#1
Top 10 6 nilai minimum f x y 4x 2y pada d 16 e 14 2x 3y 18 4x 3y 24 x 0 y 0 adalah a 40 b 36 c 2022
1 years ago
#2
Top 10 dia selalu lupa membawa pensil ke sekolah saran yang tepat untuk dia adalah 2022
1 years ago
#3
Top 10 diketahui sebuah data tunggal 2 4 6, 7 7, 8, 9, 10 berapakah modusnya 2022
1 years ago
#4
Top 10 persamaan kuadrat yang akar akarnya 7/ 2 dan -5 adalah 2022
1 years ago
#5
Top 10 jika panjang sisi bangun persegi panjang 16 cm dan lebar 8 cm maka kelilingnya adalah 2022
1 years ago
#6
Top 9 perhatikan gambar mata berikut nama bagian mata yang ditunjukkan angka i dan ii adalah 2022
1 years ago
#7
Top 10 jelaskan apa yang dimaksud dengan 3 jenis kemasan? 2022
1 years ago
#8
Top 9 sebutkan tiga keadilan yang harus terwujud dalam kehidupan bermasyarakat 2022
1 years ago
#9
Top 10 pada getaran harmonik pegas, jika massa beban yang digantung pada ujung bawah pegas 100g 2022
1 years ago
#10
Top 10 permainan bulu tangkis di atas meja yang dimainkan oleh dua atau empat orang 2022
1 years ago

Periklanan

Terpopuler

Periklanan

Tentang Kami

Legal

Dukungan

Social

homeendejakoptzhthittr
Copyright © 2024 apacode Inc.