A few days ago, someone asked me how to block all websites except one with MikroTik Firewall, so I decided to write about blocking all websites except those on a whitelist. Unlike firewall devices, MikroTik Firewall allows all websites by default, so to block a website you have to create a firewall rule that blocks that specific website. To block all websites and allow only a few, we have to do the reverse: create one firewall rule that blocks all websites and another firewall rule that allows a group of websites through MikroTik Firewall. In this article, I will discuss how to block all websites except a few using MikroTik Firewall.
MikroTik Firewall Rule to Block All Websites
HTTP and HTTPS are the protocols used to view websites. HTTP works on TCP port 80 and HTTPS works on TCP port 443. So, to block all websites, we have to drop all requests to TCP ports 80 and 443 through MikroTik Firewall. The following steps show how to drop all requests to TCP ports 80 and 443 in MikroTik Firewall.
- Go to IP > Firewall menu item and click on Filter Rules tab and then click on PLUS SIGN (+). New Firewall Rule window will appear.
- Choose forward from Chain dropdown menu.
- Choose tcp from Protocol dropdown menu.
- Click on Dst. Port input box and put 80,443.
- Click on Action tab and choose drop from Action dropdown menu.
- Click Apply and OK button.
Alternatively, you can apply the following command to create this blocking firewall rule.
All websites are now blocked, so users cannot view any website through the MikroTik Router. If we now want to allow a few websites, we have to create another firewall rule that allows a group of websites through MikroTik Firewall.
MikroTik Firewall Rule to Allow a Group of Websites
With all websites blocked, it is time to allow the permitted websites. We will now create a new firewall rule that allows a group of permitted websites. The following steps show how to allow a group of websites through MikroTik Firewall.
- Go to IP > Firewall menu item and click on Filter Rules tab and then click on PLUS SIGN (+). New Firewall Rule window will appear.
- Choose forward from Chain dropdown menu.
- Choose tcp from Protocol dropdown menu.
- Click on Dst. Port input box and put 80,443.
- Click on Advanced tab and put a group name (such as Allowed Websites) in Dst. Address List input box.
- Click on Action tab and choose accept from Action dropdown menu.
- Click Apply and OK button.
The allow rule has been created. Now place this allow rule above the drop rule. Filter rules are evaluated from top to bottom and the first matching rule decides, so if the drop rule comes first, traffic to the allowed websites will be matched by the drop rule and users will fail to reach the permitted websites.
We have created the permitted website group but have not yet specified any website in it. The following steps show how to add a website to the allowed website group.
- Go to IP > Firewall menu item and click on Address Lists tab and then click on PLUS SIGN (+). New Firewall Address List window will appear.
- Choose your created group name (Allowed Websites) from Name dropdown menu.
- Put the address of the website (such as www.bing.com) that you want to add to this group in the Address input field.
- Click Apply and OK button.
Similarly, you can add as many websites as you want to your allowed group by following the above steps.
Note: If you want to allow websites that use multiple IPs for a domain, such as Google, Facebook, YouTube and so on, you have to add all of their IPs to your allowed group; otherwise you will not be able to access those websites.
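The rules built in the steps above, written as RouterOS terminal commands. This is an added example, not the article's own command listing; it assumes RouterOS 6.36 or later (where address lists accept DNS names), and the comment= labels are illustrative.

```routeros
# Added example (not from the original article).
# Assumption: RouterOS 6.36+ so that a DNS name can be used as an address-list entry.

# 1. Create the allowed group and add a website to it.
/ip firewall address-list
add list="Allowed Websites" address=www.bing.com comment="whitelist entry"

# 2. Add the accept rule FIRST so it sits above the drop rule in the forward chain.
/ip firewall filter
add chain=forward protocol=tcp dst-port=80,443 \
    dst-address-list="Allowed Websites" action=accept \
    comment="allow whitelisted websites"

# 3. Add the drop rule after it: everything else on TCP 80/443 is blocked.
add chain=forward protocol=tcp dst-port=80,443 action=drop \
    comment="block all other websites"

# If the drop rule already exists, insert the accept rule above it instead:
#   add chain=forward protocol=tcp dst-port=80,443 \
#       dst-address-list="Allowed Websites" action=accept \
#       place-before=[find comment="block all other websites"]

# 4. Check the result: the accept rule must be listed before the drop rule,
#    and the list shows which IPs the name currently resolves to.
print where chain=forward
/ip firewall address-list print where list="Allowed Websites"
```

After loading a permitted site and a blocked one, `/ip firewall filter print stats` shows the packet counters of both rules, which confirms that traffic is hitting the accept rule before the drop rule.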
This article has discussed how to block all websites except a few with MikroTik Firewall. I hope you will now be able to block all websites using MikroTik Firewall and also allow your desired websites. However, if you face any confusion, feel free to discuss it in the comments or contact me from the Contact page. I will try my best to stay with you.