Block Sites by Keyword Using the DNS Cache - MikroTik RouterOS Script
Make sure clients can only use the MikroTik DNS by redirecting all DNS traffic to the router:
/ip firewall nat
add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
There are 2 blocking options:
1. Block by dropping the traffic in the filter rules
/ip firewall filter
add chain=forward dst-address-list=BLOCK_SITE action=drop
2. Block by redirecting the IP and port
/ip firewall nat
add action=dst-nat chain=dstnat comment="BLOCK WEBSITE" dst-address-list=BLOCK_SITE dst-port=80,81,8181,443 protocol=tcp to-addresses=36.86.63.185 to-ports=80
Notes:
1. Do not install the script immediately; study it first. In particular, change the keywords to suit your needs before using it.
2. By default, I point the websites that I block to Internet Positif at IP 36.86.63.185; you can direct them to another IP.
3. Please add it to the scheduler or run it via a script. It is better if the run interval is not too short; I personally set it to run only every 10 minutes.
4. This script eats up some resources, so, sorry, on a plastic RB (the old one) you should set the run interval a little longer.
# Walk the DNS cache for A records whose name matches any keyword (regex match)
:foreach iDNS in=[/ip dns cache all find where (name~"poker" || name~"porn" || name~"cheat" || name~"bokep" || name~"ngentot" || name~"qq.com" || name~"qq.net" || name~"qq.org" || name~"roulette" || name~"sbobet" || name~"casino" || name~"xvideos") && (type="A") ] do={
    :local tmpDNSsite [/ip dns cache get $iDNS name];
    :local tmpDNSip [/ip dns cache get $iDNS address];
    :local nameList "BLOCK_SITE";
    # Short pause per entry to limit CPU load on small routers
    :delay delay-time=10ms;
    # Add the IP only if it is not already in the BLOCK_SITE list
    :if ([:len [/ip firewall address-list find list=$nameList address=$tmpDNSip]] = 0) do={
        :log warning ("Added site to block on dns: $tmpDNSsite : $tmpDNSip");
        /ip firewall address-list add address=$tmpDNSip list=$nameList comment=$tmpDNSsite;
    }
}
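
Added example (not part of the original script): a Python dry run of the keyword filter over constructed DNS cache entries, to review which IPs would land in BLOCK_SITE before the script is installed, as note 1 advises. Python's re.search stands in for RouterOS `~` matching; the helper names, the tightened pattern list, and the sample names and addresses are assumptions made for illustration.

```python
import re

# Keywords copied from the name~"..." filters in the script on this page.
KEYWORDS = ["poker", "porn", "cheat", "bokep", "ngentot", "qq.com", "qq.net",
            "qq.org", "roulette", "sbobet", "casino", "xvideos"]

def anchored(domain):
    """Pattern for the domain itself or a subdomain, with the dots escaped."""
    return r"(^|\.)" + re.escape(domain) + "$"

# Hypothetical tightened list: domain entries anchored, plain keywords unchanged.
TIGHTENED = [anchored(k) if "." in k else k for k in KEYWORDS]

def matches(name, patterns):
    """Patterns that hit `name` as an unanchored regex search, like name~"..."."""
    return [p for p in patterns if re.search(p, name)]

def dry_run(cache, patterns):
    """Map each IP that would be added to BLOCK_SITE to the names causing it."""
    blocked = {}
    for name, rtype, address in cache:
        if rtype == "A" and matches(name, patterns):  # script filters type="A"
            blocked.setdefault(address, []).append(name)
    return blocked

# Constructed cache entries (name, type, address); IPs are documentation ranges.
SAMPLE_CACHE = [
    ("www.sbobet.com", "A", "192.0.2.10"),              # intended hit
    ("mail.qq.com", "A", "192.0.2.40"),                 # intended hit
    ("cheatsheets.example.org", "A", "198.51.100.20"),  # "cheat" substring
    ("faqq-community.example", "A", "198.51.100.30"),   # "." matches "-"
    ("poker.example.net", "AAAA", "2001:db8::1"),       # not type A: skipped
    ("shop.example.com", "A", "203.0.113.5"),           # no keyword
]

if __name__ == "__main__":
    for label, pats in (("as written", KEYWORDS), ("tightened", TIGHTENED)):
        print(label)
        for ip, names in dry_run(SAMPLE_CACHE, pats).items():
            print(f"  {ip} <- {', '.join(names)}")
```

The "cheat" keyword still catches cheatsheets.example.org after the domain entries are anchored, and the AAAA record never reaches the list because the script only reads type A entries.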