From time to time, some employees don’t understand normal language, and the only thing you can do is use force. Facebook is a good and nice thing, but only if you’re a reasonable person who understands terms like “working hours”, “job to do”, etc.
Here are a few tricks that can help you block Facebook completely.
Create two address lists (fb for Facebook IPs and fbWhitelist for local computers that you want to exclude from the restrictions):
/ip firewall address-list
add address=192.168.1.195 comment="" disabled=no list=fbWhitelist
add address=192.168.1.198 comment="" disabled=no list=fbWhitelist
add address=192.168.1.194 comment="" disabled=no list=fbWhitelist
add address=31.13.24.0/21 comment="" disabled=no list=fb
add address=31.13.64.0/18 comment="" disabled=no list=fb
add address=66.220.144.0/20 comment="" disabled=no list=fb
add address=69.63.176.0/20 comment="" disabled=no list=fb
add address=69.171.224.0/19 comment="" disabled=no list=fb
add address=74.119.76.0/22 comment="" disabled=no list=fb
add address=103.4.96.0/22 comment="" disabled=no list=fb
add address=173.252.64.0/18 comment="" disabled=no list=fb
add address=204.15.20.0/22 comment="" disabled=no list=fb
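Add a filter rule that drops forwarded TCP port 80 traffic coming in on the lan interface and destined for the fb list, unless the source address is in fbWhitelist: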
/ip firewall filter add action=drop chain=forward comment="facebook drop" disabled=no dst-address-list=fb dst-port=80 in-interface=lan protocol=tcp src-address-list=!fbWhitelist
That’s it.
Now if you want to exclude some IPs, just add them to fbWhitelist and they won’t be blocked.
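To check which traffic the "facebook drop" rule actually matches, here is an added example (not part of the original post) that models the rule's matchers in Python and runs them over constructed packets. The function names and sample addresses are assumptions, and the model is simplified: it looks at this one rule in the forward chain only.

```python
import ipaddress

# Address lists copied from the /ip firewall address-list commands above.
FB = [ipaddress.ip_network(n) for n in (
    "31.13.24.0/21", "31.13.64.0/18", "66.220.144.0/20", "69.63.176.0/20",
    "69.171.224.0/19", "74.119.76.0/22", "103.4.96.0/22",
    "173.252.64.0/18", "204.15.20.0/22")]
FB_WHITELIST = [ipaddress.ip_network(n) for n in (
    "192.168.1.195", "192.168.1.198", "192.168.1.194")]


def in_list(addr, networks):
    """True if addr falls inside any network of the address list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def facebook_drop_matches(src, dst, dst_port, protocol="tcp", in_interface="lan"):
    """True when every matcher of the "facebook drop" rule is satisfied.

    Hypothetical helper: a simplified model of one rule, not RouterOS itself.
    """
    return (in_interface == "lan"
            and protocol == "tcp"
            and dst_port == 80                       # dst-port=80
            and in_list(dst, FB)                     # dst-address-list=fb
            and not in_list(src, FB_WHITELIST))      # src-address-list=!fbWhitelist


# Constructed sample packets: (source, destination, destination port).
SAMPLES = [
    ("192.168.1.50", "31.13.64.1", 80),    # ordinary LAN host, HTTP to fb list
    ("192.168.1.195", "31.13.64.1", 80),   # whitelisted host
    ("192.168.1.50", "31.13.64.1", 443),   # HTTPS: the port matcher fails
    ("192.168.1.50", "192.0.2.10", 80),    # destination outside the fb list
]


def evaluate(samples=SAMPLES):
    """Verdict of the modelled rule for each sample packet."""
    return ["drop" if facebook_drop_matches(*s) else "no match" for s in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, evaluate()):
        print(sample, "->", verdict)
```

Only the first packet is dropped: the whitelisted source, the port 443 connection and the destination outside the fb list all fall through to whatever rules follow.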
87.245.223.0/24