• Sign In
  • Create an Account
Toggle Nav
Search
Advanced Search
  • My Account
  • My Wish List
  • Sign In
My Cart
Whatsapp Image
Menu
Account

Safer Browsing with MikroTik

Safer Browsing with MikroTik
November 23, 2018
Safer Browsing with MikroTik
Kids are no strangers to the internet, and interest is growing to find ways of protecting them from some of the content out there. Luckily there are some basic configurations which you can use on Mikrotik to assist you. Though this is not a full-proof way of content blocking, it is quick and easy and will certainly improve the level of control you have over the type of content that can be accessed via your home router.

DNS Blocking

One of the easiest ways to facilitate a safer browsing experience is to simply use a public DNS which already maintain large blacklists of domains such as Open DNS. Adding this as your DNS server and redirecting all DNS queries to the router itself will already make a big difference.

/ip dns
set allow-remote-requests=yes servers=208.67.222.123,208.67.220.123



/ip firewall nat
add action=redirect chain=dstnat comment="Redirect DNS" dst-port=53 protocol=udp





If you do not wish to use public DNS service for all the client devices on your network, you can select and specify the devices that should via address-lists or MAC address:

Address List:


/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address-list=Parental-Control-List-IPs to-addresses=208.67.222.123

MAC Address:


/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 in-interface=X protocol=udp src-mac-address=XX:XX:XX:XX:XX:XX to-addresses=208.67.222.123









Youtube Restricted Mode

You can apply static entries into Mikrotik's DNS configuration to force restricted mode

/ip dns static
add address=216.239.38.119 name=www.youtube.com
add address=216.239.38.119 name=youtubei.googleapis.com
add address=216.239.38.119 name=youtube.googleapis.com
add address=216.239.38.119 name=www.youtube-nocookie.com
add address=216.239.38.119 name=m.youtube.com



Kid-Control

It is possible to apply schedules to specific users and their devices. You will also be able to apply rate limits and pause access on the fly if necessary. In the below example access is restricted to SUN,TUE,THU & FRI with a permanent rate limit of 3mbps

/ip kid-control
add fri="" mon="" name=Tim rate-limit=3M sat=18h30m-22h sun=15h-21h thu=0s-1d time-rate-limited=0s-0s tue=0s-1d wed=""
/ip kid-control device
add mac-address=XX:XX:XX:XX:XX:XX name="Tim's Phone" user=Tim





You can verify its operation as there will be dynamic entries created in the firewall and queue menus when in use





It is not necessary to worry about complex scripting or resource capacity on your router. Although the above tools are very basic they are very effective and can be implemented in minutes.



Tim Symonds
by
Did you like this post?
0

Search the blog

    Categories

    About author

    Tim Symonds

    Chief Technical Officer

    The ICT industry demands constant learning. That together with Scoop’s vision of providing our customers with the latest end-to-end networking solutions, ensures that Tim stays challenged and up to date with the latest and greatest networking technology.

    Recent posts

    Easy Network Management with Cudy Mobile App
    Easy Network Management with Cudy Mobile App
    Fanvil SIP Hotspot Set-Up in 5 Easy Steps
    Fanvil SIP Hotspot Set-Up in 5 Easy Steps
    MikroTik's 'Back to Home' VPN simple configuration
    MikroTik's 'Back to Home' VPN simple configuration
    RB-5009 - MikroTik’s Ultimate Utility Router
    RB-5009 - MikroTik’s Ultimate Utility Router
    Ubiquiti - Wave goodbye to slow wireless connections
    Ubiquiti - Wave goodbye to slow wireless connections

    Subscribe to newsletter

    Copyright © 2024 Scoop Distribution (Pty) Ltd. All rights reserved.