Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ip firewall address-list
- add address=208.117.224.0/24 disabled=no list=Youtube
- add address=208.117.225.0/24 disabled=no list=Youtube
- add address=208.117.228.0/24 disabled=no list=Youtube
- add address=208.117.229.0/24 disabled=no list=Youtube
- add address=208.117.232.0/24 disabled=no list=Youtube
- add address=208.117.233.0/24 disabled=no list=Youtube
- add address=208.117.234.0/24 disabled=no list=Youtube
- add address=208.117.238.0/24 disabled=no list=Youtube
- add address=208.65.152.0/24 disabled=no list=Youtube
- add address=208.65.153.0/24 disabled=no list=Youtube
- add address=208.65.154.0/24 disabled=no list=Youtube
- add address=64.15.112.0/20 disabled=no list=Youtube
- add address=208.117.236.0/24 disabled=no list=Youtube
- add address=74.125.0.0/16 disabled=no list=Youtube
- add address=72.14.221.0/24 disabled=no list=Youtube
- add address=74.125.208.0/24 disabled=no list=Youtube
- /ip firewall filter
- add action=drop chain=forward comment="deny youtube" disabled=no \
- dst-address-list=Youtube
- works
- #--------------------------------------
- /ip firewall layer7-protocol
- add name=VIDEO regexp=video
- add name=AUDIO regexp=audio
- #-----------------------------
- /ip firewall mangle
- add action=mark-connection chain=prerouting disabled=no layer7-protocol=AUDIO \
- new-connection-mark=yutup passthrough=yes
- add action=mark-connection chain=prerouting disabled=no layer7-protocol=VIDEO \
- new-connection-mark=yutup passthrough=yes
- add action=mark-packet chain=forward connection-mark=yutup disabled=no \
- new-packet-mark=youtube passthrough=no
- #-------------------------------
- #mikrotik 5
- /queue tree
- add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
- max-limit=0 name=YOUTUBE packet-mark=youtube parent=global-out priority=5 \
- queue=default
- #mikrotik 6
- /queue tree
- add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
- max-limit=0 name=YOUTUBE packet-mark=youtube parent=global priority=5 \
- queue=default
- -------------------------------------------------------------
- -----------------------------------------------------------
- ---------------------------------------------------------
- Let's try with the following (firewall and proxy):
- [code]
- /ip firewall layer7-protocol
- add name=httpvideo regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
- /ip firewall filter
- add action=drop chain=forward comment="Drop httpvideo traffic, from L7" disabled=no layer7-protocol=httpvideo
- /ip proxy access
- add action=deny comment=Video disabled=no dst-host=*.youtube.com
- add action=deny disabled=no path=:video
- add action=deny disabled=no path=:Video
- [/code]
- --------------
- http://rbgeek.wordpress.com/2012/09/12/how-to-block-video-streaming-with-squid/
- ----------------------------------
- -----------------------------------
- -----------------------------------
- How to Block Websites with Mikrotik proxy
- This example will explain you “How to Block Web Sites” & “How to Stop Downloading”. I have use Web-Proxy test Package.
- First, Configure Proxy.
- /ip proxy
- enabled: yes
- src-address: 0.0.0.0
- port: 8080
- parent-proxy: 0.0.0.0:0
- cache-drive: system
- cache-administrator: "ASHISH PATEL"
- max-disk-cache-size: none
- max-ram-cache-size: none
- cache-only-on-disk: no
- maximal-client-connections: 1000
- maximal-server-connections: 1000
- max-object-size: 512KiB
- max-fresh-time: 3d
- Now, Make it Transparent
- /ip firewall nat
- chain=dstnat protocol=tcp dst-port=80
- action=redirect to-ports=8080
- Make sure that your proxy is NOT a Open Proxy
- /ip firewall filter
- chain=input in=interface= src-address=0.0.0.0/0
- protocol=tcp dst-port=8080 action=drop
- Now for Blocking Websites
- /ip proxy access
- dst-host=www.aaa07.com action=deny
- it will block website http://www.aaa07.com, we can always block the same for different networks by giving src-address. it will block for particular source address.
- we can also stop downloading files like .mp3, .mp4.....,etc
- /ip proxy access
- path=*.mp3 action=deny
- path=*.mp4 action=deny
- try with this also
- /ip proxy access
- dst-host=:mail action=deny
- this will block all the websites contain word "mail" in url.
- Example: it will block www.hotmail.com, mail.yahoo.com,.....
- or
Add Comment
Please, Sign In to add comment