Environment:
Mikrotik Version: 6.43.2
Mikrotik Series: RB20011UiAS
First, make sure users on the LAN can already access the internet normally, then follow these steps:
Set up DNS
Tick Allow Remote Requests
Set up the firewall
Add a NAT rule that redirects DNS traffic (port 53) to the router, so that LAN DNS queries are answered by and cached on the MikroTik:
/ip firewall nat add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
Set up the Scheduler
Open System – Scheduler – Add (+) and adjust Name, Start Time and Interval.
Here the schedule is saved under the name BlockSite and first runs at 01:00 with an interval of 1 hour. Then, in the On Event field, enter the following script:
##########################################################################
# Walk every DNS cache entry whose name matches one of the keywords and
# whose record type is A. To add a keyword, insert `|| name~"KEYWORD"`
# before `) && (type="A")`.
##########################################################################
:foreach iDNS in=[/ip dns cache all find where (name~"netflix" || name~"bigo" || name~"tiktok" || name~"mlive" || name~"btc" || name~"bsv" || name~"bch" || name~"northghost" || name~"pool" || name~"tcdn.me" || name~"update.kies.samsung.com" || name~"3g.cn" || name~"browserupdate" || name~"miui" || name~"apple" || name~"mobile-legends" || name~"semi" || name~"nonton" || name~"bioskop" || name~"drakor" || name~"film" || name~"avast" || name~"avira" || name~"vidio" || name~"tv" || name~"smule" || name~"drama" || name~"korea" || name~"instagram" || name~"football" || name~"facebook" || name~"streaming" || name~"soccer" || name~"bola" || name~"game" || name~"poker" || name~"porn" || name~"qq.com" || name~"qq.net" || name~"qq.org" || name~"roulette" || name~"sbobet" || name~"casino" || name~"xvideos") && (type="A")] do={
    # copy name and resolved address of the current cache entry into locals
    :local tmpDNSsite [/ip dns cache get $iDNS name];
    :local tmpDNSip [/ip dns cache get $iDNS address];
    :local nameList "BLOCK_SITE";
    ##########################################################################
    # short pause between entries
    :delay 10ms;
    ##########################################################################
    # only add the address if it is not already on an address list
    :if ([:len [/ip firewall address-list find where address=$tmpDNSip]] = 0) do={
        # record the addition in the log
        :log warning ("Added site to block on dns: $tmpDNSsite : $tmpDNSip");
        # add the resolved address to the block list, expiring after 24 hours
        /ip firewall address-list add address=$tmpDNSip list=$nameList comment=$tmpDNSsite timeout=24:00:00;
    }
}
# End Script
##########################################################################
Save the schedule; after 1 hour, Firewall – Address Lists will contain the list of domains and IP addresses that will be blocked.
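As an added illustration (not part of the original tutorial), the Python below simulates what the scheduler script's keyword match and address-only duplicate check produce on a constructed DNS cache, using a subset of the keyword list. It also reports hosts that match no keyword but share an address with a blocked one, since the address-list block drops those as well, and shows how a short keyword such as "tv" catches unrelated names.

```python
import re
from dataclasses import dataclass

# Subset of the keyword list used in the scheduler script above.
KEYWORDS = ["netflix", "tiktok", "tv", "film", "pool", "facebook"]


@dataclass(frozen=True)
class CacheEntry:
    """One row of `/ip dns cache all`: name, record type, resolved data."""
    name: str
    type: str
    address: str


# Constructed sample cache (documentation-range addresses, not real data).
SAMPLE_CACHE = [
    CacheEntry("www.netflix.com", "A", "198.51.100.10"),
    CacheEntry("www.netflix.com", "AAAA", "2001:db8::10"),          # not type A, skipped
    CacheEntry("cdn.tiktok.example", "A", "198.51.100.20"),
    CacheEntry("status.mytv-bank.example", "A", "198.51.100.30"),   # caught by "tv"
    CacheEntry("www.bank.example", "A", "198.51.100.20"),           # shares the tiktok CDN IP
    CacheEntry("mail.example.org", "A", "198.51.100.40"),
    CacheEntry("www.facebook.com", "CNAME", "star.c10r.facebook.com"),  # not type A
]


def matches_keyword(name, keywords=KEYWORDS):
    """RouterOS `name~"kw"` is a case-sensitive regex match anywhere in the name."""
    return any(re.search(kw, name) for kw in keywords)


def build_block_list(cache, keywords=KEYWORDS):
    """Return {address: comment} as the script's address-list ends up.

    Only A records are used, and the script's duplicate check is on the
    address alone, so the first matching name seen for an address wins.
    """
    block = {}
    for entry in cache:
        if entry.type == "A" and matches_keyword(entry.name, keywords):
            block.setdefault(entry.address, entry.name)
    return block


def collateral(cache, block, keywords=KEYWORDS):
    """Names that match no keyword but resolve to an address already blocked."""
    return sorted(e.name for e in cache
                  if e.type == "A" and e.address in block
                  and not matches_keyword(e.name, keywords))
```

Run `collateral(SAMPLE_CACHE, build_block_list(SAMPLE_CACHE))` to list the hosts the address-based block would take down as a side effect.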
/ip firewall mangle
add action=mark-packet chain=prerouting comment=BLOCK_SITE \
    dst-address-list=BLOCK_SITE in-interface=ether-LAN \
    new-packet-mark=block_pkt passthrough=no
/ip firewall filter
# packet-mark must equal the new-packet-mark set in mangle (block_pkt);
# the original rules matched on socmed_pkt, which nothing ever sets
add action=jump chain=forward comment=BLOCK_SITE jump-target=socmed \
    packet-mark=block_pkt
add action=drop chain=socmed comment=BLOCK_SITE packet-mark=block_pkt
In the mangle rule, adjust in-interface to the interface your LAN uses. Watch the Bytes/Packets counter of the filter rule you just created: if it keeps increasing, blocking access by domain or keyword is working.
Done…