I want to block all internet access to a client only allow him two websites

Question

I am using a MikroTik Router and I tried to do it with firewall but it blocks the whole internet to the client and when i put a filter rule for allowing

One website for him its not working here is my rules:

For blocking whole websites:

ip → firewall → chain = forward → Src.Address = 192.168.2.33 → Action = drop

For allowing one website

chain = forward → src.address = 192.168.2.33 → Layer7protocol = valuefrom layer7proto → action = allow

Please help me.

Do you want to block DNS? Does the loading of websites depend on DNS resolution? Do you have the correct order for your rules? — Tero Kilkanen, Nov 27 '16 at 04:32
That doesn't answer any of my questions unfortunately. Without an answer we cannot help. — Tero Kilkanen, Nov 27 '16 at 11:39

score 1 · Answer 1 · answered Nov 29 '16 at 17:35

First of all you should allow the client to resolve its DNS queries so make a rule which allow forwarding of DNS (UDP port 53).

Then you should allow TCP port 80 destinated to IP addresses of the websites. Notice that the website maybe contains object from other websites. You should allow then in your firewall rule.

At the end you should put allow rules upper than deny rule.

Mightypup · Answer 2 · 2016-11-27T19:21:14.200

I'm not sure if it will be much help as I'm not familiar with your setup but IE has a built in filter called something like Security Advisor or Content Advisor in which you can allow access only to certain sites.

If you uninstall any other browser apart from IE his website access will be fully controlled. The only way to get round it is to install another browser but I'm sure you can figure out a restriction for that as well :)

I want to block all internet access to a client only allow him two websites

2 Answers2