so, at my client’s office, there was a need to block youtube access during working hours (08:00-17:00). the local administrator there tried to create rules on mikrotik router OS firewall, using layer7-filter, block youtube ip address, and the result is more complaints from user 🙁
So the idea was:
- implement l7-filter to identify youtube traffic
- gather youtube IP addresses
- block those youtube IP address
I have warned them that the method above could have impact on other google services as youtube is part of google services, and its more likely they will share same IP addresses. that means if you block youtube ip addresses, you will block other google services as well.
well, firewall rules goes on (and seemed my warning was ignored :-p), and few moments later, customers were complaining, they cannot access google drive, and started screaming. see picture below:
after that, i jumped into the router, check blocklist of youtube IP address, and tadaa… look at the picture below
so, i did ping the drive.google.com, and get its IP address. and i found that IP address on youtube blocklist. oh my… :-p this really explain why clients cannot access google drive. clearly because our firewall blocks them.
Conclusion: method of “block youtube IP address” has an impact of not being able to access other services. we need to use other method to of blocking youtube, and clearly its not based on layer 3 information only.