How to Block Internet Access in Mikrotik

Cara Blokir Akses Internet Di Mikrotik

The internet is a container of information and How to Block Internet Access in Mikrotik on the proxy that many people access today. Especially now that many smartphones have it, even students. In other words, the internet can now be accessed by anyone, including young children who are still learning.

Indeed, this internet has a lot of information that is very useful for students, but there are also some things that are inappropriate for young children to see, such as adult websites, radicalism, and violence.

Therefore it is necessary to block access to certain websites to prevent small children from accessing them. There are several ways to block internet access, one of which is via Mikrotik.

Mikrotik provides a firewall that allows us to block an IP from certain websites from being accessed. Mikrotik Firewall rules or blocks all HTTP and HTTPS websites responsible for viewing websites.

HTTP works on TCP port 80 and HTTPS works on TCP port 443, so to block all unwanted website sites we have to cancel all requests from TCP ports 80 and 443 via Mikrotik Firewall.

Now if we want to block all websites and want to allow some websites we have to do some reverse work which means we have to create firewall rules which will block all websites and we have to create another firewall rule which will allow a group of websites through the MikroTik Firewall. In this article, I will discuss how to block internet access on Mikrotik Firewall.

Check Router Products from NetData here:

Steps to Block Internet Access in Mikrotik

Here are the steps that will show you how to block internet access in Mikrotik all requests on TCP ports 80 and 443 in Mikrotik Firewall.

  • Select IP menu> Firewall menu item and click on filter rule tab> +.
  • In this new window select Forward from the dropdown chain menu.
  • Select the TCP protocol from the Protocol menu.
  • Select Dst. Port input box and enter 80, 443.
  • Select the Action tab and select the drop menu Action.
  • Click Apply> OK.

Copy and paste the script below into New Terminal

/ ip firewall filter

add action = drop chain = forward dst-port = 80,443 protocol = tcp

Cara Blokir Akses Internet Di Mikrotik

If so, all websites are blocked, so users cannot open any websites.

For how to block internet access in Mikrotik but we want to allow certain websites then we have to create another Firewall rule that will allow a group of websites through the Mikrotik Firewall.

Mikrotik Firewall rules allow a group of websites. To create a website that is allowed, you can use the following steps to block internet access in Mikrotik:

  • Select IP> Firewall then select the filter rules> + tab.
  • Select Forward from the dropdown chain menu.
  • Select tcp from the Protocol dropdown menu.
  • Select Dst. Input port box and enter 80,443.
  • Select the Advanced tab and put the name of the group or site that will be allowed to be accessed in Dst. Address List input box.
  • Select the Action tab and select accept from the Action menu.
  • Click Apply> OK.

Now you can create allowed rules on top of canceled rules. Otherwise, the permitted website will be under the canceled rules and the user will fail to open the permitted website.

Mikrotik Firewall

In the steps to block internet access in Mikrotik, we have created a group of websites that can be accessed but have not yet determined which websites are included in the group. The steps for blocking internet access in Mikrotik are as follows:

  • Select the IP menu> Firewall> Tab address list> +.
  • Select the name of the group that you have created from the name menu.
  • Enter the website URL, for example that you want to add to this group in the Address field.
  • Click Apply> OK.

That way you have to add as many websites as possible in accordance with the steps for blocking internet access in Mikrotik which have just been explained.

Just a note on how to block internet access on Mikrotik if you want to allow websites that use multiple IPs for domains such as Google, Facebook, Youtube, and so on, otherwise the website cannot be accessed.

How to Block the Internet Using Mikrotik at Certain Hours

Previously we discussed the steps for blocking internet access in Mikrotik in general.

This time we will use website blocking technology via Mikrotik but with a certain schedule.

The method is not far from blocking internet access in Mikrotik before but using additional methods to set what time the website can be accessed or not.

Blocking internet access at certain hours has many purposes, for example to limit users to use the internet at night and allow it only during peak hours, namely morning to noon.

Turning off or on or often referred to as network management is the task of an IT or network technician who manages data traffic on a network.

Easy Ways to Block Internet Access in Mikrotik

  • First we will configure the Mikrotik routerboard using the Winbox application.
  • If Winbox has been opened then make sure the Mikrotik routerboard has got our internet to configure the SNTP Client first.

System ➤ SNTP Client

 Cara Mudah Blokir Akses Internet Di Mikrotik

Check the enable box, then on the Primary NTP server you enter id.pool.ntp.orgentered if you have it, click apply. Click Apply.

  • If you have configured the time in Mikrotik, you first select System> Clock, in the timezone name column, adjust your origin, or the place where you are now, then click apply> ok.

konfigurasi waktu di Mikrotik

  • The next step, we create an IP for the switch first, namely by selecting IP> address.

When you click addresses, the address list window will appear, the next step you can click the plus sign + then fill in the IP you want and select the interface.

Example on the configuration used:

Addresses: (IP switch)

Network: (will be filled automatically if you have filled in the address and interface)

Interfaces: ether2

(the interface must be adjusted, here I connect the switch with the Mikrotik router via ether2 , because ether 1 is for the internet.)

If it is clicked Apply and the Network will be filled automatically then click OK.


  • If you have made an IP for the switch, then set up the DHCP server for ether2 or the switch first, so that clients connected through the switch get the IP automatically. How: click IP> DHCP> DHCP Setup.

If you have clicked DHCP setup, select next until it’s finished.

DHCP setup

  • After that, configure the Firewall so that it can block the internet at certain hours. click IP> Firewall> filter rule> click the + sign.

konfigurasi Firewall

Click the + sign to create a New Firewall Rule, then you click General then on Chain for forward contents, Src addresses for IP Network switches as shown below.


Then select the Extra menu, you have to enter only the time menu. Fill in the time that suits your needs, for example, the contents are from 21:00 – 07:00. This means that at 21:00 or 9:00 p.m. to 07:00 a.m. users will not be able to access the internet.

menu Extra

The next step is to fill in the action menu column which is replaced with a drop if it has been applied> OK.

drop jika sudah apply

This stage has been completed so you can test via CMD or the command prompt or you can also test directly to the Google website whether you have internet or not, but make sure the clock in Mikrotik matches the time you have previously set.

Thus our discussion of how to block internet access in Mikrotik which you can make a reference. Thank you and hope it is useful.


Leave a Reply

Your email address will not be published. Required fields are marked *

Semua operasional PT. Network Data Sistem akan menggunakan domain per tanggal 8 Mei 2019. Semua informasi/promosi dalam bentuk apapun selain menggunakan domain bukan tanggung jawab PT. Network Data Sistem Dismiss