Below I will share a MikroTik tutorial on blocking Facebook using the MikroTik L7 Protocol (Layer 7) matcher. Layer 7 protocol matching is a method for finding patterns in ICMP/TCP/UDP streams, in other words a regular expression pattern matcher.
The Layer 7 matcher works by inspecting the first 10 packets or the first 2KB of a connection and searching the collected data for the given pattern. If the pattern is not found in that data, the matcher does not check any further and the connection is considered unknown. Keep in mind that many connections will significantly increase memory usage on your RB or PC router. To avoid that, add regular firewall matchers to reduce the amount of data sent to the layer-7 filter.
The Layer 7 matcher must see both directions of traffic (incoming and outgoing). To meet this requirement, the layer-7 rule must be set in the forward chain. If the rule is in the input/prerouting chain, the same rule must also be set in the output/postrouting chain; otherwise the data may be incomplete and the pattern will not match correctly.
Okay, now that you know about the Layer 7 Protocol, let's go on. The scenario we will use is shown in the following picture:
This tutorial has two parts.
1. Block the Facebook website for everyone who connects to the local network.
First, check whether the Facebook site can be opened or not.
Check the IP address of the client that is not to be allowed to open Facebook.
Next, open Winbox, go to the IP menu -> Firewall -> Layer 7 Protocols, and create a new regular expression rule to block Facebook.
The steps are shown in the following picture:
Name the rule Facebook and enter the following regular expression:
^.+(facebook.com).*$
Next, create a new Firewall Rule with:
Chain: forward
Src Address: the client network address (172.16.10.0/24)
On the Advanced tab, in Layer 7 Protocol select "facebook"
On the Action tab, select action drop.
Now test whether the settings work or not.
Also check that other sites still work fine, apart from Facebook.
Okay, the setting works smoothly.
2. Allow Facebook to be opened by only some users.
Okay, let's go on. This time we try to allow one client, the second client (172.16.10.199/24), to open Facebook, while still blocking access to Facebook for the other clients.
Create a second filter rule with a specific Src Address, the client's own IP address 172.16.10.199, instead of the network address.
Don't forget to select accept as its action.
Move the newly created rule to the top, above the drop rule.
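The whole procedure from parts 1 and 2, typed into the RouterOS terminal instead of clicked through Winbox, as an added example that is not part of the original tutorial. It assumes the same addresses as the page (172.16.10.0/24 for the LAN, 172.16.10.199 for the allowed client); the TCP/port matcher (ports 80 and 443) and the rule comments are my own choices, added so that only web traffic is handed to the layer-7 filter, as the introduction recommends.

```routeros
# Part 1: the layer-7 pattern. "$" must be escaped inside a quoted
# RouterOS string, otherwise the console treats it as a variable prefix.
# The dot in "facebook.com" is left unescaped, as the page writes it,
# so it matches any single character.
/ip firewall layer7-protocol
add name=facebook regexp="^.+(facebook.com).*\$"

# Part 1: drop matching traffic from the whole LAN. The rule sits in the
# forward chain so the matcher sees both directions of each connection.
# protocol/dst-port are ordinary matchers checked before the layer-7
# matcher, so only web connections are buffered for pattern matching.
/ip firewall filter
add chain=forward src-address=172.16.10.0/24 protocol=tcp dst-port=80,443 layer7-protocol=facebook action=drop comment="drop facebook for LAN"

# Part 2: allow one client. place-before puts the accept rule above the
# drop rule; filter rules are evaluated top to bottom, so the order matters.
add chain=forward src-address=172.16.10.199 protocol=tcp dst-port=80,443 layer7-protocol=facebook action=accept comment="allow facebook for 172.16.10.199" place-before=[find comment="drop facebook for LAN"]

# Verify: the packet and byte counters of both rules should increase as
# clients browse (the drop counter for the LAN, the accept counter for .199).
/ip firewall filter print stats where layer7-protocol=facebook
```

Because the matcher only looks at the first 10 packets or 2KB of a connection, the hostname has to appear early in the stream; that is the case for the HTTP Host header and for the server name in the TLS client hello, which is why the pattern still catches HTTPS connections. If the counters of the layer-7 rules stay at zero, check that the rules are in the forward chain and that no earlier rule (for example a fasttrack or established/related accept) already accepted the traffic.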
Test this setting on the second client (172.16.10.199/24):
In the rule details there are packets and bytes passing through.
Also check on the other clients in the same network whether Facebook can be accessed or not.
Look again at this rule:
The drop packet counter keeps going up. This means our settings successfully blocked Facebook using the MikroTik Layer 7 Protocol.
We can do the same to block YouTube and other sites. Please try and apply it yourself.
May be useful 🙂