kravemir · December 29, 2022 05:50
diff --git a/mikrotik-setup-scheduled-domain-blocking b/mikrotik-setup-scheduled-domain-blocking


 ########################################
 # remove old "Block Web" configuration #
 ########################################

 /system scheduler remove               [/system scheduler find name~"Block Web*"]
 /system script remove                  [/system script    find name~"Block Web*"]
 /ip firewall filter remove             [/ip firewall filter       find comment~"Block Web*"]
 /ip firewall address-list remove       [/ip firewall address-list find list="blocked_web"]


 #######################
 # create address-list #
 #######################

 /ip firewall address-list

 # facebook.com
 add address=facebook.com             list=blocked_web
 add address=static.facebook.com      list=blocked_web
 add address=www.facebook.com         list=blocked_web
 add address=api.facebook.com         list=blocked_web
 add address=edge-mqtt.facebook.com   list=blocked_web
 add address=graph.facebook.com       list=blocked_web
 add address=mqtt.c10r.facebook.com   list=blocked_web
 add address=portal.fb.com            list=blocked_web
 add address=star.c10r.facebook.com   list=blocked_web
 add address=scontent.xx.fbcdn.net    list=blocked_web
 add address=mqtt-mini.facebook.com   list=blocked_web

 # facebook.sk
 add address=facebook.sk             list=blocked_web
 add address=static.facebook.sk      list=blocked_web
 add address=www.facebook.sk         list=blocked_web
 add address=api.facebook.sk         list=blocked_web
 add address=edge-mqtt.facebook.sk   list=blocked_web
 add address=graph.facebook.sk       list=blocked_web
 add address=mqtt.c10r.facebook.sk   list=blocked_web
 add address=portal.fb.sk            list=blocked_web
 add address=star.c10r.facebook.sk   list=blocked_web
 add address=mqtt-mini.facebook.sk   list=blocked_web

 add address=messenger.com         list=blocked_web
 add address=www.messenger.com     list=blocked_web

 add address=azet.sk               list=blocked_web
 add address=www.azet.sk           list=blocked_web

 add address=aktuality.sk          list=blocked_web

 add address=aliexpress.com        list=blocked_web

 add address=phoronix.com          list=blocked_web
 add address=www.phoronix.com      list=blocked_web


 ##########################
 # create firewall filter #
 ##########################
 /ip firewall filter
 add action=reject chain=forward comment="Block Web Sites" dst-address-list=blocked_web reject-with=icmp-network-unreachable

 add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.facebook.com"
 add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="facebook.com"
 add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.messenger.com"
 add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="messenger.com"

 add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.facebook.sk"
 add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="facebook.sk"
 add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.messenger.sk"
 add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="messenger.sk"

 move destination=([find comment~"defconf*"]->0) numbers=[/ip firewall filter find comment~"Block Web-TLS*"]

 ##############################################
 # create scripts to enable / disable filters #
 ##############################################

 /system script 
 add name="Block Web Enable" source="/foreach rule in=[/ip firewall filter find comment~\"Block Web*\"] do={ /ip firewall filter set \$rule disabled=no }"
 add name="Block Web Disable" source="/foreach rule in=[/ip firewall filter find comment~\"Block Web*\"] do={ /ip firewall filter set \$rule disabled=yes }"


 ####################
 # schedule scripts #
 ####################

 /system scheduler
 add name="Block Web Stop  at 08:30" on-event="Block Web Disable" interval=1d  start-time=08:30:00
 add name="Block Web Start at 09:15" on-event="Block Web Enable"  interval=1d  start-time=09:15:00
 add name="Block Web Stop  at 14:00" on-event="Block Web Disable" interval=1d  start-time=13:58:00
 add name="Block Web Start at 15:00" on-event="Block Web Enable"  interval=1d  start-time=15:05:00
 add name="Block Web Stop  at 18:00" on-event="Block Web Disable" interval=1d  start-time=18:00:00
 add name="Block Web Start at 19:03" on-event="Block Web Enable"  interval=1d  start-time=19:03:00


 #######################
 # print configuration #
 #######################

 /system scheduler print

 /system script print

 /ip firewall filter print

 /ip firewall address-list print


	########################################
	# remove old "Block Web" configuration #
	########################################

	/system scheduler remove [/system scheduler find name~"Block Web*"]
	/system script remove [/system script find name~"Block Web*"]
	/ip firewall filter remove [/ip firewall filter find comment~"Block Web*"]
	/ip firewall address-list remove [/ip firewall address-list find list="blocked_web"]


	#######################
	# create address-list #
	#######################

	/ip firewall address-list

	# facebook.com
	add address=facebook.com list=blocked_web
	add address=static.facebook.com list=blocked_web
	add address=www.facebook.com list=blocked_web
	add address=api.facebook.com list=blocked_web
	add address=edge-mqtt.facebook.com list=blocked_web
	add address=graph.facebook.com list=blocked_web
	add address=mqtt.c10r.facebook.com list=blocked_web
	add address=portal.fb.com list=blocked_web
	add address=star.c10r.facebook.com list=blocked_web
	add address=scontent.xx.fbcdn.net list=blocked_web
	add address=mqtt-mini.facebook.com list=blocked_web

	# facebook.sk
	add address=facebook.sk list=blocked_web
	add address=static.facebook.sk list=blocked_web
	add address=www.facebook.sk list=blocked_web
	add address=api.facebook.sk list=blocked_web
	add address=edge-mqtt.facebook.sk list=blocked_web
	add address=graph.facebook.sk list=blocked_web
	add address=mqtt.c10r.facebook.sk list=blocked_web
	add address=portal.fb.sk list=blocked_web
	add address=star.c10r.facebook.sk list=blocked_web
	add address=mqtt-mini.facebook.sk list=blocked_web

	add address=messenger.com list=blocked_web
	add address=www.messenger.com list=blocked_web

	add address=azet.sk list=blocked_web
	add address=www.azet.sk list=blocked_web

	add address=aktuality.sk list=blocked_web

	add address=aliexpress.com list=blocked_web

	add address=phoronix.com list=blocked_web
	add address=www.phoronix.com list=blocked_web


	##########################
	# create firewall filter #
	##########################
	/ip firewall filter
	add action=reject chain=forward comment="Block Web Sites" dst-address-list=blocked_web reject-with=icmp-network-unreachable

	add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.facebook.com"
	add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="facebook.com"
	add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.messenger.com"
	add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="messenger.com"

	add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.facebook.sk"
	add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="facebook.sk"
	add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.messenger.sk"
	add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="messenger.sk"

	move destination=([find comment~"defconf"]->0) numbers=[/ip firewall filter find comment~"Block Web-TLS"]

	##############################################
	# create scripts to enable / disable filters #
	##############################################

	/system script
	add name="Block Web Enable" source="/foreach rule in=[/ip firewall filter find comment~\"Block Web*\"] do={ /ip firewall filter set \$rule disabled=no }"
	add name="Block Web Disable" source="/foreach rule in=[/ip firewall filter find comment~\"Block Web*\"] do={ /ip firewall filter set \$rule disabled=yes }"


	####################
	# schedule scripts #
	####################

	/system scheduler
	add name="Block Web Stop at 08:30" on-event="Block Web Disable" interval=1d start-time=08:30:00
	add name="Block Web Start at 09:15" on-event="Block Web Enable" interval=1d start-time=09:15:00
	add name="Block Web Stop at 14:00" on-event="Block Web Disable" interval=1d start-time=13:58:00
	add name="Block Web Start at 15:00" on-event="Block Web Enable" interval=1d start-time=15:05:00
	add name="Block Web Stop at 18:00" on-event="Block Web Disable" interval=1d start-time=18:00:00
	add name="Block Web Start at 19:03" on-event="Block Web Enable" interval=1d start-time=19:03:00


	#######################
	# print configuration #
	#######################

	/system scheduler print

	/system script print

	/ip firewall filter print

	/ip firewall address-list print