To block access to both facebook.com and youtube.com on a MikroTik router running RouterOS 7, you can create Layer 7 Protocol Matchers for both websites and then use firewall rules to block traffic to these domains. Here are the steps:
- Open the Winbox utility or log in to your MikroTik router via SSH or the web interface.
- Go to the “IP” menu and select “Firewall.”
- Click on the “Layer 7 Protocols” tab on the left side.
- Click the “+” button to create a new Layer 7 Protocol Matcher for Facebook. Give it a name (e.g., “block-facebook”) and use the following regular expression to match Facebook URLs:
.*facebook\.com.*
- Click “OK” to save the Facebook Layer 7 Protocol Matcher.
- Create another Layer 7 Protocol Matcher for YouTube. Click the “+” button, give it a name (e.g., “block-youtube”), and use the following regular expression to match YouTube URLs:
.*youtube\.com.*
- Click “OK” to save the YouTube Layer 7 Protocol Matcher.
- Now, go back to the “IP” menu and select “Firewall.”
- Click on the “Filter Rules” tab on the left side.
- Click the “+” button to create a new firewall rule to block Facebook.
- Set the “Chain” to “forward” if you want to block access for devices on your local network, or “input” to block access for the router itself.
- In the “Src. Address” field, you can specify the source IP address or range for which you want to block Facebook. If you want to block Facebook for all devices, leave this field blank.
- In the “Layer7 Protocol” field, select the Facebook Layer 7 Protocol Matcher you created earlier (e.g., “block-facebook”).
- Set the “Action” to “drop” or “reject” depending on whether you want to silently drop the traffic or reject it with an ICMP message.
- Click “OK” to save the firewall rule for blocking Facebook.
- Create another firewall rule to block YouTube following the same steps as above, but select the “block-youtube” Layer 7 Protocol Matcher and set the action to “drop” or “reject.”
Now, your MikroTik router should block access to both facebook.com and youtube.com based on the Layer 7 Protocol Matchers and firewall rules you’ve created. Remember to test the rules to ensure they work as expected. Again, keep in mind that determined users can bypass this by using a VPN or a proxy, so it’s not foolproof.