I use this firewall on my router, so far its work, cmiw
/ip firewall layer7-protocol
add name=facebook regexp="^.+(www.facebook.com|facebook.com|login.facebook.com\
|api.facebook.com|www.login.facebook.com|fbcdn.net|www.fbcdn.net|fbcdn.com\
|www.fbcdn.com|static.ak.fbcdn.net|static.ak.connect.facebook.com|connect.\
facebook.net|www.connefacebook.net|apps.facebook.com|id-id.facebook.com|we\
b.facebook.com).*\$"
/ip firewall address-list
add address=dixonscarphone.facebook.com list=facebook
add address=edge-mqtt-p46-shv-01-hkg3.facebook.com list=facebook
add address=edge-snaptu-http-p4-shv-01-amt2.facebook.com list=facebook
add address=edge-star-mini-shv-02-gru2.facebook.com list=facebook
add address=edge-star-mini6-shv-01-nrt1.facebook.com list=facebook
add address=edge-star-z-mini-shv-01-gru2.facebook.com list=facebook
add address=fbonly-test-bgp-02-sin6.facebook.com list=facebook
add address=livestream-edgetee-upload6-shv-02-ort2.facebook.com list=facebook
add address=star.facebook.com list=facebook
add address=a.ns.facebook.com list=facebook
add address=b.ns.facebook.com list=facebook
add address=c.ns.facebook.com list=facebook
add address=d.ns.facebook.com list=facebook
add address=edge-star-mini-shv-01-frx5.facebook.com list=facebook
add address=edge-star-mini-shv-01-nrt1.facebook.com list=facebook
add address=edge-star-mini-shv-01-sea1.facebook.com list=facebook
add address=edge-star-mini-shv-02-lax3.facebook.com list=facebook
add address=edge-star-mini6-shv-01-frx5.facebook.com list=facebook
add address=edge-star-mini6-shv-01-sea1.facebook.com list=facebook
add address=edge-star-mini6-shv-02-gru2.facebook.com list=facebook
add address=edge-star-mini6-shv-02-lax3.facebook.com list=facebook
add address=www.facebook.com list=facebook
add address=m.facebook.com list=facebook
add address=star.c10r.facebook.com list=facebook
add address=star-mini.c10r.facebook.com list=facebook
add address=facebook.com list=facebook
add address=mqtt.c10r.facebook.com list=facebook
/ip firewall mangle
add action=mark-connection chain=prerouting comment=FB dst-address-list=\
facebook dst-port=80,443 new-connection-mark=facebook_conn passthrough=\
yes protocol=tcp src-address-list=local
add action=mark-connection chain=prerouting dst-address-list=facebook \
dst-port=80,443 new-connection-mark=facebook_conn passthrough=yes \
protocol=udp src-address-list=local
add action=mark-packet chain=prerouting connection-mark=facebook_conn \
new-packet-mark=facebook passthrough=no
/ip firewall filter
add action=drop chain=forward dst-port=80,443 layer7-protocol=facebook \
protocol=tcp src-address-list=local
add action=drop chain=forward dst-address-list=facebook dst-port=80,443 \
protocol=tcp src-address-list=local
add action=drop chain=forward dst-address-list=facebook dst-port=80,443 \
protocol=udp src-address-list=local
add action=drop chain=forward packet-mark=facebook
And set dns-static :
/ip dns static
add address=127.0.0.1 name=facebook.com
/ip firewall layer7-protocol
add name=facebook regexp="^.+(www.facebook.com|facebook.com|login.facebook.com\
|api.facebook.com|www.login.facebook.com|fbcdn.net|www.fbcdn.net|fbcdn.com\
|www.fbcdn.com|static.ak.fbcdn.net|static.ak.connect.facebook.com|connect.\
facebook.net|www.connefacebook.net|apps.facebook.com|id-id.facebook.com|we\
b.facebook.com).*\$"
/ip firewall address-list
add address=dixonscarphone.facebook.com list=facebook
add address=edge-mqtt-p46-shv-01-hkg3.facebook.com list=facebook
add address=edge-snaptu-http-p4-shv-01-amt2.facebook.com list=facebook
add address=edge-star-mini-shv-02-gru2.facebook.com list=facebook
add address=edge-star-mini6-shv-01-nrt1.facebook.com list=facebook
add address=edge-star-z-mini-shv-01-gru2.facebook.com list=facebook
add address=fbonly-test-bgp-02-sin6.facebook.com list=facebook
add address=livestream-edgetee-upload6-shv-02-ort2.facebook.com list=facebook
add address=star.facebook.com list=facebook
add address=a.ns.facebook.com list=facebook
add address=b.ns.facebook.com list=facebook
add address=c.ns.facebook.com list=facebook
add address=d.ns.facebook.com list=facebook
add address=edge-star-mini-shv-01-frx5.facebook.com list=facebook
add address=edge-star-mini-shv-01-nrt1.facebook.com list=facebook
add address=edge-star-mini-shv-01-sea1.facebook.com list=facebook
add address=edge-star-mini-shv-02-lax3.facebook.com list=facebook
add address=edge-star-mini6-shv-01-frx5.facebook.com list=facebook
add address=edge-star-mini6-shv-01-sea1.facebook.com list=facebook
add address=edge-star-mini6-shv-02-gru2.facebook.com list=facebook
add address=edge-star-mini6-shv-02-lax3.facebook.com list=facebook
add address=www.facebook.com list=facebook
add address=m.facebook.com list=facebook
add address=star.c10r.facebook.com list=facebook
add address=star-mini.c10r.facebook.com list=facebook
add address=facebook.com list=facebook
add address=mqtt.c10r.facebook.com list=facebook
/ip firewall mangle
add action=mark-connection chain=prerouting comment=FB dst-address-list=\
facebook dst-port=80,443 new-connection-mark=facebook_conn passthrough=\
yes protocol=tcp src-address-list=local
add action=mark-connection chain=prerouting dst-address-list=facebook \
dst-port=80,443 new-connection-mark=facebook_conn passthrough=yes \
protocol=udp src-address-list=local
add action=mark-packet chain=prerouting connection-mark=facebook_conn \
new-packet-mark=facebook passthrough=no
/ip firewall filter
add action=drop chain=forward dst-port=80,443 layer7-protocol=facebook \
protocol=tcp src-address-list=local
add action=drop chain=forward dst-address-list=facebook dst-port=80,443 \
protocol=tcp src-address-list=local
add action=drop chain=forward dst-address-list=facebook dst-port=80,443 \
protocol=udp src-address-list=local
add action=drop chain=forward packet-mark=facebook
And set dns-static :
/ip dns static
add address=127.0.0.1 name=facebook.com
Statistics: Posted by aryawidura — Fri Apr 25, 2025 6:43 am
