mikrotik »çÀÌÆ® Â÷´Ü

lovin09   
   Á¶È¸ 5214   Ãßõ 0    

애들 때문에 게임사이트를 차단 하려 합니다. 

IP  -> firewall -> Layer7 Protocol 에서 

^.+(.nexon.com).*$ 

이렇게 했는데, nexon.com 이 들어가 지네요 

어떻게 하는지 고수분들 고견 바랍니다.


eclipse
ªÀº±Û Àϼö·Ï ½ÅÁßÇÏ°Ô.
±è¿ë³² 2017-03
static dns¸¦ »ç¿ëÇغ¸½Ã´Â°Ç ¾î¶³±î¿ä?
lovin09 2017-03
Á¤¸» ´Ù±â´ÉÀÇ Àåºñ °°Àºµ¥, ¾²±â°¡ ¾î·Æ±º¿ä.

¾Æ¹«·¡µµ Æ÷±âÇØ¾ß ÇÒµí Çϳ׿ä
ÇÁ·ÎÅäÄÝÀÌ¶ó¼­ ±×·±°Å ¾Æ´Ñ°¡¿ä?
iwill 2017-03
nexon.com ¾Õ¿¡  ´å(.)ÀÌ  µé¾î°¡¸é ¹®¹ý·êÀÌ Æ²·ÁÁ༭ ±×·±°Å ¾Æ´Ò±î¿ä..
^.+(nexon.com).*$  ÀÌ·¸°Ô ÇØ¾ß Çϴ°ɷΠ±â¾ïÀÌ...
¹éµÎ¼º 2017-03
httpµî domain nameÀÌ °á±¹ ip·Î º¯È¯µÇ±â ¶§¹®¿¡ data¿¡ nexonÀÌ µé¾î ÀÖ´Â °ÍÀº Àǹ̰¡ ¾ø½À´Ï´Ù.

µû¶ó¼­, dns°ªÀ» ÀÌ¿ëÇØ address  ¸ñ·ÏÀ» ¸¸µé ÇÊ¿ä°¡ ÀÖ½À´Ï´Ù.
´ÙÀ½ ¹®¼­ ÂüÁ¶Çϼż­
https://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Block_access_to_specific_websites
firewall µîÀ» ¼³Á¤ÇϽðí

/system scripts¿¡ ³Ö´Â ½ºÅ©¸³Æ®´Â ´ÙÀ½À» »ç¿ëÇغ¸¼¼¿ä.

:foreach i in=[/ip dns cache all find where (name~"nexon") && (type="A") ] do={
    :local tmpAddress [/ip dns cache get $i address];
    delay delay-time=10ms
#prevent script from using all cpu time
    :if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={       
        :local cacheName [/ip dns cache get $i name] ;
        :log info ("added entry: $cacheName  $tmpAddress");
        /ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
    }
}

±×¸®°í ÇØ´ç ½ºÅ©¸³Æ®¸¦ scheduler¿¡ °É¾îÁÖ¸é...
óÀ½¿¡´Â ºê¶ó¿ìÀú¿¡¼­ nexon.com¿¡ Á¢¼ÓµÇ¾ú´Ù°¡ dns cache°¡ µÇ°í ½ºÄÉÁÙ·¯°¡ µ¹¸é
address ¸®½ºÆ®°¡ µî·ÏµÇ¾î blockÀÌ µÇ°Ô µË´Ï´Ù.

È£±â½É¿¡ Çغ¸´Ï ¸µÅ© °É¸° ½ºÅ©¸³Æ®´Â ¾ÈµÇ°í ^^;
¾Æ·¡ ±Û º¸°í ÇÏ´Ï µÇ³×¿ä.
https://forum.mikrotik.com/viewtopic.php?t=31311

# °ü·Ã configuration Ãâ·Â°ªÀº ´ë·« ´ÙÀ½°ú °°½À´Ï´Ù.
#################

/ip firewall nat
add action=redirect chain=dstnat comment=DNS !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-type \
    !content disabled=no !dscp !dst-address !dst-address-list \
    !dst-address-type !dst-limit dst-port=53 !fragment !hotspot !icmp-options \
    !in-bridge-port !in-interface !ingress-priority !ipsec-policy \
    !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
    !out-bridge-port !out-interface !packet-mark !packet-size \
    !per-connection-classifier !port !priority protocol=tcp !psd !random \
    !routing-mark !routing-table !src-address !src-address-list \
    !src-address-type !src-mac-address !src-port !tcp-mss !time !to-addresses \
    to-ports=53 !ttl
add action=redirect chain=dstnat !connection-bytes !connection-limit \
    !connection-mark !connection-rate !connection-type !content disabled=no \
    !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
    dst-port=53 !fragment !hotspot !icmp-options !in-bridge-port \
    !in-interface !ingress-priority !ipsec-policy !ipv4-options \
    !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
    !out-interface !packet-mark !packet-size !per-connection-classifier !port \
    !priority protocol=udp !psd !random !routing-mark !routing-table \
    !src-address !src-address-list !src-address-type !src-mac-address \
    !src-port !tcp-mss !time !to-addresses to-ports=53 !ttl

/ip firewall filter
add action=drop chain=forward !connection-bytes !connection-limit \
    !connection-mark !connection-nat-state !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp !dst-address \
    dst-address-list=restricted !dst-address-type !dst-limit !dst-port \
    !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
    !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
    log=no log-prefix="" !nth !out-bridge-port !out-interface !p2p \
    !packet-mark !packet-size !per-connection-classifier !port !priority \
    !protocol !psd !random !routing-mark !routing-table !src-address \
    !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
    !tcp-mss !time !ttl

/system scheduler
add disabled=no interval=30s name=schedule_dns2addresslist on-event=\
    dns2addresslist policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    mar/25/2017 start-time=03:33:42
/system script
add comment="DNS(nexon.com)" name=dns2addresslist owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":foreac\
    h i in=[/ip dns cache all find where (name~\"nexon\") && (type=\"A\") ] do\
    ={\
    \n    :local tmpAddress [/ip dns cache get \$i address];\
    \n    delay delay-time=10ms\
    \n#prevent script from using all cpu time\
    \n    :if ( [/ip firewall address-list find where address=\$tmpAddress] =\
    \_\"\") do={        \
    \n        :local cacheName [/ip dns cache get \$i name] ;\
    \n        :log info (\"added entry: \$cacheName  \$tmpAddress\");\
    \n        /ip firewall address-list add address=\$tmpAddress list=restric\
    ted comment=\$cacheName;\
    \n    }\
    \n}"
lovin09 2017-03
°¨»çÇÕ´Ï´Ù. ^^  ³¯Àâ¾Æ¼­ ´Ù½Ã Çغ¸°Ú½À´Ï´Ù.
±è¿ë³² 2017-03
IP > DNS > Static¿¡¼­
+ ´­·¯¼­
Regexp: ^.*nexon\.com$
Address: 127.0.0.1
·Î Ãß°¡ÇØ ÁÖ¼¼¿ä

±×¸®°í
IP > DHCP Server > Networks¿¡¼­
DNS Servers: [Gateway¿Í µ¿ÀÏÇÑ IP]·Î ¼³Á¤ÇØ ÁÖ½Ã¸é µË´Ï´Ù.

°£´ÜÈ÷ *º£ »çÀÌÆ® °°Àº°Í ¸·±â¿¡ ÁÁ½À´Ï´Ù.


QnA
Á¦¸ñPage 2003/5696
2014-05   5031519   Á¤ÀºÁØ1
2015-12   1567955   ¹é¸Þ°¡
2017-03   4218   Àü¼³¼ÓÀǹ̡¦
2017-03   3830   ±¤Çö¾Æºü
2017-03   3788   ´À³¦
2017-03   3779   ±èÁ¾±¹12
2017-03   9494   ¾ÈÁö¾ß
2017-03   3460   AplPEC
2017-03   3574   ÀÌÇϳª
2017-03   5007   ´À³¦
2017-03   3150   ±èÁ¦¿¬
2017-03   5215   lovin09
2017-03   3567   ½ÅÀº¿Ö
2017-03   3752   NiteFlite9
2017-03   4107   Á¤ÀºÁØ1
2017-03   4246   demock
2017-03   6339   SkyBase
2017-03   3669   Furion
2017-03   3825   ¹Ìµµ¸®
2017-03   4676   ±¤Çö¾Æºü
2017-03   4060   ±èÁØÀ¯
2017-03   8287   ±è°Ç¿ì