Когато говорим за браузър-базирани приложения, iptables и Squid вършат чудесна работа, но ако случаят е като при мен и има пуснат AP (точка за достъп), Facebook приложенията (за Android и iOS) не могат да се блокират по този начин. Ето и моето решение, базирано на L7-filter.
За Linux с iptables:
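# Step 1: create the l7-filter pattern file. The first non-comment line is the
# protocol name (here the same as the file name), the next line is the regex.
nano /etc/l7-protocols/protocols/facebook.pat
# ---- contents of facebook.pat ----
# The end anchor is a bare "$". The "\$" form is only needed inside a quoted
# RouterOS string; in a .pat file it would demand a literal dollar sign in the
# traffic and the rule would practically never match.
# The "." in "facebook.com" is unescaped, so it matches any character there.
facebook
^.+(facebook.com).*$
# ---- end of facebook.pat ----

# Step 2 (as root): drop connections from the client subnet that match the pattern.
# 100.0.0.0/24 is the author's subnet; substitute your own.
# Needs a kernel and iptables built with the layer7 match (an out-of-tree patch).
#
# Limits to keep in mind before relying on this as a control:
#  - The regex only sees the cleartext start of a connection. For HTTPS that is
#    at most the handshake (e.g. the server name), never the encrypted content,
#    so traffic to hostnames not containing this string is not matched.
#  - Any cleartext connection whose first bytes contain the string (for example
#    a request that merely references facebook.com) is dropped as well.
#  - Verify the result with packet counters (iptables -t mangle -L PREROUTING -v -n).
iptables -t mangle -A PREROUTING -s 100.0.0.0/24 -m layer7 --l7proto facebook -j DROP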
За Mikrotik наливате тези два скрипта:
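# FB_block_UP: adds a layer7-protocol entry named "facebook" and a forward-chain
# drop rule that references it. Each step is skipped when the object already exists.
#
# How to load it: create the empty script with the command below, then paste the
# body (from ":local fbID" to the end) into the script's Source field, e.g. in
# WinBox under System > Scripts.
# The body is shown unescaped on purpose. Passing it as source="..." on the console
# requires every inner quote, dollar sign and backslash to be escaped. The original
# listing escaped only some of them, so the string ended early and the console
# expanded the variables before the script was stored.
/system script add name="FB_block_UP"

# ---- script body ----
:local fbID "facebook"
# "\$" is the RouterOS string escape for a literal "$" (the regex end anchor).
# The "." in "facebook.com" is unescaped, so it matches any character there.
:local fbRegex "^.+(facebook.com).*\$"

# Create the layer7-protocol definition once, then read it back for confirmation.
:if ([:len [/ip firewall layer7-protocol find name=$fbID]] > 0) do={
    :put " layer7-protocol definitions for $fbID already exists!"
} else={
    :put " Adding layer7-protocol definitions for $fbID ..."
    /ip firewall layer7-protocol add name=$fbID regexp=$fbRegex
    :local rnR [/ip firewall layer7-protocol get value-name=regexp [find name=$fbID]]
    :local rnN [/ip firewall layer7-protocol get value-name=name [find name=$fbID]]
    :put " .:: Reading added layer7-protocol definition ::."
    :put " NAME\tREGEX"
    :put " $rnN\t$rnR"
}

# Create the drop rule once; it is identified only by its comment ("facebook").
# NOTE(review): "add" appends the rule to the end of the forward chain. If an
#   earlier rule already accepts the traffic (for example an established/related
#   accept or a fasttrack rule), this rule never sees it. Check placement and the
#   rule's packet counter after installing.
# NOTE(review): the rule has no other matchers, so the regex runs on every
#   forwarded connection, and MikroTik documents the L7 matcher as CPU-intensive.
#   It inspects only the first packets of a connection (about 10 packets / 2 KB)
#   and, for HTTPS, only the cleartext handshake, so it is a best-effort block
#   rather than a guarantee.
:if ([:len [/ip firewall filter find comment="$fbID"]] > 0) do={
    :put " Firewall rule for $fbID already exist!"
} else={
    :put " Adding firewall rule for $fbID ..."
    /ip firewall filter add action=drop chain=forward layer7-protocol=$fbID comment="$fbID"
    :local rnC [/ip firewall filter get value-name=chain [/ip firewall filter find comment="$fbID"]]
    :local rnA [/ip firewall filter get value-name=action [/ip firewall filter find comment="$fbID"]]
    :local rnL [/ip firewall filter get value-name=layer7-protocol [/ip firewall filter find comment="$fbID"]]
    :put " .:: Printig new firewall rule ::."
    :put " CHAIN\tACTION\tLAYER7-PROTOCOL"
    :put " $rnC\t$rnA\t$rnL"
}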
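# FB_block_DOWN: removes the firewall filter rule(s) commented "facebook" and then
# the layer7-protocol definition named "facebook". Each step is skipped when
# nothing is found.
#
# How to load it: create the empty script with the command below, then paste the
# body (from ":local fbID" to the end) into the script's Source field, e.g. in
# WinBox under System > Scripts.
# The body is shown unescaped on purpose. Passing it as source="..." on the console
# requires every inner quote and dollar sign to be escaped. The original listing
# left some quotes unescaped, which ends the string early.
/system script add name="FB_block_DOWN"

# ---- script body ----
:local fbID "facebook"

# NOTE(review): rules are selected by comment only, so every filter rule whose
#   comment is exactly "facebook" is removed, in any chain.
:if ([:len [/ip firewall filter find comment="$fbID"]] = 0) do={
    :put " Firewall rule for $fbID already REMOVED!"
} else={
    :put " Removing firewall rules for $fbID ..."
    /ip firewall filter remove [/ip firewall filter find comment="$fbID"]
}

# The definition is removed after the rule, presumably because the rule references it.
:if ([:len [/ip firewall layer7-protocol find name=$fbID]] = 0) do={
    :put " layer7-protocol definitions for $fbID already REMOVED!"
} else={
    :put " Removing layer7-protocol definitions for $fbID ..."
    /ip firewall layer7-protocol remove [/ip firewall layer7-protocol find name=$fbID]
}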