@kravemir
Last active December 29, 2022 05:50
MikroTik scheduled domain blocking
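########################################
# remove old "Block Web" configuration #
########################################
# Makes the script re-runnable: everything it created on a previous run is
# deleted before being re-created below.
#
# `~` is a regular-expression match, not a glob. "Block Web*" would mean
# "Block We" followed by zero or more "b", found anywhere in the value, so it
# could also delete unrelated objects. The patterns are anchored with ^ so that
# only names/comments that start with "Block Web" are removed.
/system scheduler remove [/system scheduler find name~"^Block Web"]
/system script remove [/system script find name~"^Block Web"]
/ip firewall filter remove [/ip firewall filter find comment~"^Block Web"]
# Empties the whole "blocked_web" list, including any entry added by hand
# since the last run.
/ip firewall address-list remove [/ip firewall address-list find list="blocked_web"]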
#######################
# create address-list #
#######################
# Every entry is a DNS name, not an IP address. The router resolves the name
# itself and the firewall matches on the resulting addresses, so:
#   - only the exact host names listed here are covered (no wildcards);
#   - a client that resolves the name through another resolver, or that is
#     handed a different CDN address than the router, is not matched;
#   - addresses shared with other sites on the same CDN are blocked as well.
# The tls-host rules in the firewall filter section are the second layer for
# the facebook/messenger domains.
/ip firewall address-list
# facebook.com
add address=facebook.com list=blocked_web
add address=static.facebook.com list=blocked_web
add address=www.facebook.com list=blocked_web
add address=api.facebook.com list=blocked_web
add address=edge-mqtt.facebook.com list=blocked_web
add address=graph.facebook.com list=blocked_web
add address=mqtt.c10r.facebook.com list=blocked_web
add address=portal.fb.com list=blocked_web
add address=star.c10r.facebook.com list=blocked_web
add address=scontent.xx.fbcdn.net list=blocked_web
add address=mqtt-mini.facebook.com list=blocked_web
# facebook.sk
add address=facebook.sk list=blocked_web
add address=static.facebook.sk list=blocked_web
add address=www.facebook.sk list=blocked_web
add address=api.facebook.sk list=blocked_web
add address=edge-mqtt.facebook.sk list=blocked_web
add address=graph.facebook.sk list=blocked_web
add address=mqtt.c10r.facebook.sk list=blocked_web
add address=portal.fb.sk list=blocked_web
add address=star.c10r.facebook.sk list=blocked_web
add address=mqtt-mini.facebook.sk list=blocked_web
# messenger.com
add address=messenger.com list=blocked_web
add address=www.messenger.com list=blocked_web
# other sites; these have no tls-host rule, so the address list is their only
# block, and some are listed without a www. variant
add address=azet.sk list=blocked_web
add address=www.azet.sk list=blocked_web
add address=aktuality.sk list=blocked_web
add address=aliexpress.com list=blocked_web
add address=phoronix.com list=blocked_web
add address=www.phoronix.com list=blocked_web
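##########################
# create firewall filter #
##########################
/ip firewall filter
# Layer 1: reject forwarded traffic (any protocol) whose destination is in the
# "blocked_web" address list. This rule is NOT moved below, so it stays where
# `add` appended it. Packets accepted by an earlier rule never reach it
# (presumably established/related traffic under the default config; confirm
# against your chain), so connections already open when the rules are enabled
# are likely to keep working until they close.
add action=reject chain=forward comment="Block Web Sites" dst-address-list=blocked_web reject-with=icmp-network-unreachable
# Layer 2: reject TCP connections by the server name sent in the TLS
# ClientHello. Limits to be aware of:
#   - a ClientHello split across several TCP segments is not matched
#     (documented RouterOS limitation of tls-host);
#   - protocol=tcp does not cover QUIC/HTTP3 over UDP; that traffic is only
#     caught by the address-list rule above;
#   - a client that hides or omits the server name is not matched.
# Each comment names the domain its rule matches, so counters in
# `/ip firewall filter print` can be attributed to the right site.
add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.facebook.com"
add action=reject chain=forward comment="Block Web-TLS facebook.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="facebook.com"
add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.messenger.com"
add action=reject chain=forward comment="Block Web-TLS messenger.com" protocol=tcp reject-with=icmp-network-unreachable tls-host="messenger.com"
add action=reject chain=forward comment="Block Web-TLS facebook.sk" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.facebook.sk"
add action=reject chain=forward comment="Block Web-TLS facebook.sk" protocol=tcp reject-with=icmp-network-unreachable tls-host="facebook.sk"
add action=reject chain=forward comment="Block Web-TLS messenger.sk" protocol=tcp reject-with=icmp-network-unreachable tls-host="*.messenger.sk"
add action=reject chain=forward comment="Block Web-TLS messenger.sk" protocol=tcp reject-with=icmp-network-unreachable tls-host="messenger.sk"
# Move the TLS rules in front of the first rule whose comment matches
# "defconf*" (the default-configuration rules). The ClientHello travels on an
# already established TCP connection, so these rules have to be evaluated
# before any rule that accepts or fasttracks established traffic.
# NOTE(review): if no rule matches "defconf*" (default config removed), the
# destination is empty - check the resulting order with `print`.
# The selector is anchored with ^ because `~` is a regex match, not a glob.
move destination=([find comment~"defconf*"]->0) numbers=[/ip firewall filter find comment~"^Block Web-TLS"]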
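##############################################
# create scripts to enable / disable filters #
##############################################
# Two scripts that flip the `disabled` flag on every firewall filter rule
# created by this file. Rules are selected by comment; `~` is a regex match,
# so the pattern is anchored with ^ to toggle only rules whose comment starts
# with "Block Web" and never an unrelated rule that merely contains that text.
# Inside the quoted source, \" and \$ are escapes for a literal " and $.
/system script
add name="Block Web Enable" source="/foreach rule in=[/ip firewall filter find comment~\"^Block Web\"] do={ /ip firewall filter set \$rule disabled=no }"
add name="Block Web Disable" source="/foreach rule in=[/ip firewall filter find comment~\"^Block Web\"] do={ /ip firewall filter set \$rule disabled=yes }"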
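####################
# schedule scripts #
####################
# Daily timetable. "Stop" runs "Block Web Disable" (sites reachable), "Start"
# runs "Block Web Enable" (sites blocked). Resulting unblocked windows:
#   08:30-09:15, 13:58-15:05, 18:00-19:03
# Entry names state the time the entry actually fires, so the listing in
# `/system scheduler print` matches the behaviour.
#
# Operational notes:
#   - the rules are created enabled, so blocking is active from the moment
#     this script is run until the next "Stop" entry fires;
#   - the timetable follows the router's clock; make sure the time is correct
#     (e.g. synchronised via NTP), otherwise the windows shift;
#   - a toggle that is missed (router off at that time) is not replayed; the
#     rules keep their last state until the next entry fires.
/system scheduler
add name="Block Web Stop at 08:30" on-event="Block Web Disable" interval=1d start-time=08:30:00
add name="Block Web Start at 09:15" on-event="Block Web Enable" interval=1d start-time=09:15:00
add name="Block Web Stop at 13:58" on-event="Block Web Disable" interval=1d start-time=13:58:00
add name="Block Web Start at 15:05" on-event="Block Web Enable" interval=1d start-time=15:05:00
add name="Block Web Stop at 18:00" on-event="Block Web Disable" interval=1d start-time=18:00:00
add name="Block Web Start at 19:03" on-event="Block Web Enable" interval=1d start-time=19:03:00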
#######################
# print configuration #
#######################
# Read-only listing of everything created above, for a manual check after the
# import: scheduler entries, the two scripts, the filter rules (verify that the
# "Block Web-TLS" rules sit above the default rules) and the address list.
/system scheduler print
/system script print
/ip firewall filter print
/ip firewall address-list print