Category Archives: Mikrotik

How To Block Facebook with Mikrotik

From time to time, some employees doesn’t understand the normal language and the only thing you can do is to use force. Facebook is good and nice thing but only if you’re a reasonable person which understand the terms like “working hour”, “job to do”, etc…

Here are the few tricks which can help you to totally block Facebook.

Create two lists (fb for Facebook IPs and fbWhitelist for local computers which you want to exclude from restrictions)

/ip firewall address-list
add address=192.168.1.195 comment="" disabled=no list=fbWhitelist
add address=192.168.1.198 comment="" disabled=no list=fbWhitelist
add address=192.168.1.194 comment="" disabled=no list=fbWhitelist
add address=31.13.24.0/21 comment="" disabled=no list=fb
add address=31.13.64.0/18 comment="" disabled=no list=fb
add address=66.220.144.0/20 comment="" disabled=no list=fb
add address=69.63.176.0/20 comment="" disabled=no list=fb
add address=69.171.224.0/19 comment="" disabled=no list=fb
add address=74.119.76.0/22 comment="" disabled=no list=fb
add address=103.4.96.0/22 comment="" disabled=no list=fb
add address=173.252.64.0/18 comment="" disabled=no list=fb
add address=204.15.20.0/22 comment="" disabled=no list=fb

Add filter rule with

/ip firewall filter
add action=drop chain=forward comment="facebook drop" disabled=no dst-address-list=fb dst-port=80 in-interface=lan protocol=tcp src-address-list=!fbWhitelist

That’s it.

Now if you want to exclude some IPs, just add them to fbWhitelist and they won’t be blocked.