Redirect Blocked Customer

I had use all instruction you explain in Documentation to Block and redirect user ,but when I do the following rule
/ip firewall nat add action=dst-nat chain=dstnat protocol=tcp src-address-list=Reject_1 to-addresses= to-ports=8101
/ip firewall nat add action=redirect chain=dstnat protocol=!tcp src-address-list=Reject_1

when customer open Browser and type anything , they will redirect immediately exception Facebook How I can fix this issue .

So, facebook still works? And google for example ?

Hi Alex

Google and youtube it’s working and Facebook No yet.

There is another set of rules that can be used for blocking customers :
IP is the router’s WAN IP address.

/ip proxy
set enabled=yes

/ip proxy access
add action=allow disabled=no dst-host= dst-port=80
add action=deny disabled=no dst-port=80 redirect-to=
add action=deny

/ip firewall filter
add action=drop chain=forward comment=“Block All” disabled=yes log-prefix="" src-address-list=Reject_1
add action=accept chain=block comment=“Users need DNS to work” dst-port=53 protocol=udp
add action=accept chain=block comment=“Make port 80 to work” dst-port=80 protocol=tcp
add action=drop chain=block comment="Block everything else for blocked users"
add action=jump chain=forward comment=“Redirect blocked users to the block chain” jump-target=disconnected src-address-list=Reject_1

One important thing to all these blocking stuff. It blocks all traffic and redirects HTTP traffic to the page !!! BUT !!! It will block and NOT redirect the HTTPS traffic

So if customer will type,, and even, he will see that page cannot be open.

@Rhansseel amigo, mira a estas reglas, tienen que funcionar y no dar problemas con cache de paginas bloqueados

ok gracias

estas reglas son para bloquear cuando se trabaja con radius ?

Hola, importante es “src-address-list=Reject_1”. Eso dice que las reglas se aplican para IPs de address list Reject_1.

Cuando usas API para bloquear clientes, Splynx llama Address-list en otra manera : “SpLBL_blocked”

Entonces, tienes que aplicar las reglas para este Address list, por ejemplo :

/ip firewall nat add action=dst-nat chain=dstnat protocol=tcp src-address-list=SpLBL_blocked to-addresses= to-ports=8101
/ip firewall nat add action=redirect chain=dstnat protocol=!tcp src-address-list=SpLBL_blocked