so, at my client’s office, there was a need to block youtube access during working hours (08:00-17:00). the local administrator there tried to create rules on mikrotik router OS firewall, using layer7-filter, block youtube ip address, and the result is more complaints from user 🙁
So the idea was:
- implement l7-filter to identify youtube traffic
- gather youtube IP addresses
- block those youtube IP address
I have warned them that the method above could have impact on other google services as youtube is part of google services, and its more likely they will share same IP addresses. that means if you block youtube ip addresses, you will block other google services as well.
well, firewall rules goes on (and seemed my warning was ignored :-p), and few moments later, customers were complaining, they cannot access google drive, and started screaming. see picture below:
after that, i jumped into the router, check blocklist of youtube IP address, and tadaa… look at the picture below
so, i did ping the drive.google.com, and get its IP address. and i found that IP address on youtube blocklist. oh my… :-p this really explain why clients cannot access google drive. clearly because our firewall blocks them.
Conclusion: method of “block youtube IP address” has an impact of not being able to access other services. we need to use other method to of blocking youtube, and clearly its not based on layer 3 information only.
More from this site
May 2017, GLC Webinar: Firewall NAT on Mikrotik (0)- April 2017, GLC Webinar: Fighting DDOS attack with Mikrotik (0)
- menggabungkan 2 isp ke dalam 1 routerboard (9)
- Routing protocol vs routed protocol (0)
- combining 2 ISP with one mikrotik routerboard (4)
- What is internet? IXP? how it works? (0)
- FULL-routes vs partial-routes on BGP (0)
- Observing the DDOS/probing attack with Mikrotik device (0)
- August 2016, GLC Webinar: Limiting Bandwidth of Specific Destination Based on Address List (0)
- What is multiplex, multiple access? (0)
Hi we have same problems, and tried sam things as block IP,
Did you find other idea? Could you share it?
You could block it via DNS and then disallow all other connnections via port 53 to internet. That’s how I set it up on my Linux machine. However, this will not prevent advanced users from accessing youtube.
You could block it via DNS and then disallow all other connnections via port 53 to internet. That’s how I set it up on my Linux machine. However, this will not prevent advanced users from accessing youtube.
You could block it via DNS and then disallow all other connnections via port 53 to internet. That’s how I set it up on my Linux machine.
ditempat saya tidak perlu untuk block websitenya, batasi saja kecepatan streaming video nya, ini lebih efektif dan layanan google bisa berjalan dengan normal
Author = FAG!