Blocking certain pages can get very tricky. Here's Normunds to guide you through the process.
Comments: 30
@TheNetworkBerg 1 year ago
Thanks MikroTik, another great video! This also highlights why there may be other devices that are designed specifically for this purpose to use in conjunction with your MikroTik. Like a proper UTM based NGFW that does all the heavy lifting in the backend to figure out what all the hostnames, IPs, applications, ports, etc are and to block them seamlessly.
@Anavllama
3 months ago
Indeed, it comes at a cost, do not be fooled by products claiming to do so, such as Firewalla which DO NOT DO DPI of encrypted traffic, thus not all that useful.
@michaelh.nabuzale4839 1 year ago
The way you finished had me laughing at the problem you just evidenced
@Anavllama 1 year ago
Glad you stated that TLS is not the perfect solution. Industry has certainly moved to making their sites accessible by many means such as using the QUIC protocol and a worldwide content delivery system which bypass any TLS block. Concur with Mr Berg, get another appliance if it's a critical need (business environment as a front end device).
@olegandreych
1 year ago
Ironically, the same things make it harder to bypass these blocks. But blocks are still there and working fine.
@wreckedzilla 1 year ago
my man! have a nice weekend
@Bianchi77 1 year ago
Nice video, thanks :)
@JaroslavVazac 1 year ago
DNS seems to be a better way, esp. in cooperation with Umbrella or similar DNS filtration services.
@dan__________________
1 year ago
Until you have clients that use DNS over HTTPS.
@ldavader2704 1 year ago
And what can we do with TLS 1.3?
@alimibrahem8120 1 year ago
Thanks for that Normis..! So can I make a static DNS server in mikrotik for this purpose..? So anyone who wants to go to tiktok will be redirected to another site..? Like my company site, is there something like that in mikrotik..?
@mikrotik
1 year ago
Yes, blocking by DNS name is yet another approach.
@Problembaer4
1 year ago
You can create A-Records, which map Domain-Names to an IP, or you can create a CNAME-Record, which maps to another Domain-Name. So, yes, this is possible with MT-DNS.
@jester667 1 year ago
#clockblocking? I think I've heard about it before😉
1 year ago
Neat
@inprosis 9 months ago
How can I block reggaeton music
@sagetechnology4913 1 year ago
The real question is, how do I redirect all of my company's web traffic to spicy websites?
@CDR24
1 year ago
You're a genius of evil
@D9ID9I 1 year ago
Any reason you can't set port without setting protocol? Just filter all protocols that support ports and fit into "port" value. It is annoying to duplicate same rules for different protocols when you care about port only.
@stevenrobertson4886 3 months ago
Is anyone still active here? I've tried this route with no joy, and if I capture IP using a Mangle rule then create a filter rule it seems to take my router down and stop total internet access. Pls assist -
@inprosis 9 months ago
How to block reggaeton music
@BlackB00X 5 months ago
for tiktok not working anymore in 2024
@chumgrinder25 1 year ago
OK, I'm confused. The filter you created was for **tiktok**. The header you showed in Wireshark appears to match **tiktok**, yet you are not stopping it?
@mikrotik
1 year ago
You can block any service or website this way, TikTok is just one example
@chumgrinder25
1 year ago
@mikrotik I believe you have misunderstood my comment. The purpose of you doing the Wireshark exercise was to determine what strings besides **tiktok** you needed to block to cover all the traffic, but the name you found should already have been blocked by *tiktok*. So why wasn't it already being blocked?
@mikrotik
1 year ago
No, the idea is that an app like TikTok could be using servers that do not have TikTok in their address, they might use some other address, like cdn.clockapp.com, for example. So blocking TikTok may not work (but TikTok is just an example, in real life blocking just *tiktok* works fine). This is why, if using *servicename* does not work, we suggest turning to Wireshark, to see what domain the app is using.
@chumgrinder25
1 year ago
@mikrotik Ah, I see now. You didn't show us an "interesting" TikTok packet with a non-tiktok name because TikTok doesn't actually use such servers. What made it confusing is that you implied they did because your phone continued to work. Thanks.
@oplv 6 months ago
Hello! How to block access to youtube using mikrotik?
@mikrotik
6 months ago
Did you watch the video?