This is an important chapter I am going to discuss.
Let's get into the topic.
In this scenario I am going to block Facebook for my LAN users; likewise, you can block any website using a Layer 7 protocol rule. However, if the client uses a VPN to access the website, this rule will not work.
My scenario is given below.
I am not covering the basic configuration here, because I have already posted about some basic MikroTik technologies such as IP address configuration, default route, NAT, etc.
Let's go to IP > Firewall > Layer7.
You can also run the command below in the CLI.
/ip firewall layer7-protocol
add name="Block Site" regexp="^.+(facebook|youtube).*$"
After adding this, you have to create a filter rule that uses this Layer 7 protocol.
Let's create the filter rule.
/ip firewall filter
# disabled=no so the rule is active; a rule added with disabled=yes drops nothing
add action=drop chain=forward disabled=no dst-port=80,443 layer7-protocol=\
"Block Site" protocol=tcp src-address=192.168.0.0/24
Here I have specified the source IP address, but if you want to block this content for your complete network, you don't need to assign any source IP.
This is the best practice for blocking this content, and you can also use Layer 7 matching to prioritise traffic.
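To see what the "Block Site" pattern actually catches, here is an added example (not part of the original post and not MikroTik code) that runs the same regexp over constructed connection data in Python. It assumes Python's `re` with DOTALL behaves like the router's matcher for this simple pattern, and uses the documented RouterOS limit of inspecting only the first 10 packets or 2 KB of a connection; all sample streams and function names are made up for illustration.

```python
import re

# Same pattern as the "Block Site" entry above. DOTALL approximates a matcher
# that treats the buffered connection data as one string (assumption).
BLOCK_SITE = re.compile(rb"^.+(facebook|youtube).*$", re.DOTALL)

# RouterOS L7 inspects the first 10 packets or 2 KB of each connection.
L7_WINDOW = 2048


def l7_matches(stream: bytes, window: int = L7_WINDOW) -> bool:
    """Return True if the start of the connection data matches the pattern."""
    return BLOCK_SITE.search(stream[:window]) is not None


# Constructed sample streams (not captured traffic).
SAMPLES = {
    # Plain HTTP: the Host header carries the site name in clear text.
    "http_host": b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n",
    # Abbreviated ClientHello-like bytes: the server name is sent in clear text.
    "tls_sni": b"\x16\x03\x01\x00\x40\x01\x00\x00\x3c\x03\x03" + b"\x00" * 32
               + b"\x00\x00\x00\x15\x00\x13\x00\x00\x10www.facebook.com",
    # Different site, keyword only in the query string: blocked as well.
    "other_site_query": b"GET /search?q=facebook+alternatives HTTP/1.1\r\n"
                        b"Host: example.org\r\n\r\n",
    # Unrelated site: passes.
    "unrelated": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
    # Stand-in for VPN tunnel payload: opaque bytes, no readable site name.
    "vpn_tunnel": bytes(range(0x80, 0x100)) * 4,
    # Site name appears only after the 2 KB inspection window: not seen.
    "late_keyword": b"GET /" + b"a" * 3000
                    + b" HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n",
}


def classify(samples=SAMPLES) -> dict:
    """Map each sample name to True (would be dropped) or False (passes)."""
    return {name: l7_matches(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, dropped in classify().items():
        print(f"{name:18} {'DROP' if dropped else 'pass'}")
```

The VPN case passes because the router only sees the tunnel's opaque payload, which is why the rule does not work for VPN users, and the query-string case shows that the pattern also blocks unrelated sites that merely mention the keyword early in the connection.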