Block Access To Specific Websites - Mikrotik Script RouterOS
This script is useful if you want to block certain web sites but you don't want to use web proxy.
This example looks entries "rapidshare" and "youtube" in dns cache and adds IPs to address list named "restricted".
Before you begin, you must set up router to catch all dns requests:
/ip firewall nat
add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
and add firewall
/ip firewall filter
add chain=forward dst-address-list=restricted action=drop
Now we can write a script and schedule it to run, lets say, every 30 seconds.
Script Code:
:foreach i in=[/ip dns cache find] do={
:local bNew "true";
:local cacheName [/ip dns cache all get $i name] ;
# :put $cacheName;
:if (([:find $cacheName "rapidshare"] >= 0) || ([:find $cacheName "youtube"] >= 0)) do={
:local tmpAddress [/ip dns cache get $i address] ;
# :put $tmpAddress;
# if address list is empty do not check
:if ( [/ip firewall address-list find list="restricted" ] = "") do={
:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
} else={
:foreach j in=[/ip firewall address-list find list="restricted"] do={
:if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
:set bNew "false";
}
}
:if ( $bNew = "true" ) do={
:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
}
}
}
}
Credit: https://wiki.mikrotik.com/wiki/Manual:Scripting-examples