The following example will be done for youtube.com and facebook.com. Also that this example assumes that local network IP Subnet is 10.10.0.0/16.
Create firewall rules to add each IP visited by users to a dynamic IP Address-List which can be used later.
/ ip firewall filter add chain=forward action=add-dst-to-address-list protocol=tcp
src-address=10.10.0.0/16 address-list=youtube-list address-list-timeout=0s
content=youtube.com comment="youtube.com IPs"
/ ip firewall filter add chain=forward action=add-dst-to-address-list protocol=tcp
src-address=10.10.0.0/16 address-list=facebook-list address-list-timeout=0s
content=facebook.com comment="facebook.com IPs"
/ ip firewall filter add chain=forward action=add-dst-to-address-list protocol=tcp
src-address=10.10.0.0/16 address-list=facebook-list address-list-timeout=0s
content=fbcdn.net comment="Facebooks content delivery network IPs"
Snapshot of how you will create firewall rules to add each IP visited by users to a dynamic IP Address-List which can be used later.
The same procedure that is shown in snapshot will be followed for content="facebook.com" and content="fbcdn.net", if wanted change address-list to different name such as "facebook-list".
Also make sure that these rules are added in FILTER table and not in MANGLE.
No comments:
Post a Comment