In this article I want to show on how to block Facebook using Mikrotik in three steps. We will use Web Proxy feature included in Mikrotik. We assume the LAN (Local Area Network) address is 192.168.56.0/24 and the IP address of ‘ether1’ which facing to the LAN is 192.168.56.254.
Here are the three steps:
1. Enable Web Proxy
We enable this web proxy without cache on disk.
ip proxy set enabled=yes port=8080 cache-on-disk=no
2. Add proxy access rules
In this step we define which website we want to block. In this case, we want to block Facebook. Remember that Facebook has many sub-domains so we have to block all that sub-domains.
ip proxy access add src-address=192.168.56.0/24 dst-host=*.facebook.com action=deny
The ‘*.facebook.com’ value means all sub-domains of facebook.com.
3. Enable the transparent proxy
In this step we have to redirect all web access to facebook.com coming from the LAN to the web proxy.
ip firewall nat add chain=dstnat in-interface=ether1 dst-port=80 protocol=tcp action=redirect to-ports=8080
That’s all. You can add as many websites that you want to block as described in step 2.