Привет. нужна помощь.. есть два микротика . основной и репитор (со своим DHCP) проблема такова... на втором микроике (который находиться на другом этаже) есть офис, всем пользователям которого запрещается лазить на сайтах кроме whatsupp, instagram, youtube. Кстати все они на телефонах. # dec/13/2018 11:37:26 by RouterOS 6.43.7 # software id = GNYE-Q0GK # # model = 951Ui-2HnD # serial number = 000000000000000 /interface bridge add admin-mac=00000000000 auto-mac=no name=bridge-local /interface ethernet set [ find default-name=ether1 ] advertise=\ 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=WAN set [ find default-name=ether2 ] advertise=\ 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=LAN set [ find default-name=ether3 ] advertise=\ 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full set [ find default-name=ether4 ] advertise=\ 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full set [ find default-name=ether5 ] advertise=\ 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik add authentication-types=wpa-psk,wpa2-psk eap-methods="" \ management-protection=allowed mode=dynamic-keys name=Tuyuk \ supplicant-identity="" wpa-pre-shared-key=tuyuk@2018 wpa2-pre-shared-key=\ tuyuk@2018 /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \ security-profile=Tuyuk ssid=Tuyuk /ip pool add name=dhcp_pool1 ranges=192.168.8.100-192.168.8.250 /ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface=bridge-local name=dhcp1 /interface bridge port add bridge=bridge-local interface=ether2 add bridge=bridge-local interface=wlan1 add bridge=bridge-local interface=ether3 /ip address add address=192.168.1.189/24 interface=ether1 network=192.168.1.0 add address=192.168.8.254/24 interface=bridge-local network=192.168.8.0 /ip dhcp-server network add address=192.168.8.0/24 gateway=192.168.8.254 /ip dns set allow-remote-requests=yes servers=8.8.8.8 /ip dns static add address=192.168.88.1 name=router.lan /ip firewall address-list add address=whatsapp.com list=eljur add address=instagram.com list=eljur add address=youtube.com list=eljur /ip firewall filter add action=accept chain=input dst-port=8291 in-interface=ether1 protocol=tcp add action=reject chain=forward disabled=yes dst-address-list=!eljur \ protocol=tcp reject-with=tcp-reset src-address=192.168.8.0/24 add action=drop chain=forward dst-address-list=!eljur protocol=udp \ src-address=192.168.8.0/24 add action=accept chain=input protocol=icmp add action=accept chain=input connection-state=established in-interface=\ ether1 add action=accept chain=input connection-state=related in-interface=ether1 add action=drop chain=input in-interface=ether1 /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 /ip route add distance=1 gateway=192.168.1.254 /system clock set time-zone-name=Asia/Bishkek почему то блокирует весь трафик. Помогите разобраться. Либо есть альтернативные способы запрета всех "сайтов кроме..." С уважением Nukew
