Open New Terminal. Then insert our rule. Do not forget to set it higher in list.
You can also manually create the rule with [+] button.
/ip firewall filter add act=drop chain=forward cont=Host: mikrotik.org
prot=tcp src-address=192.168.0.2 in-int=LAN1
That’s all. mikrotik.org website will no longer open. Thus, you block only outgoing requests. Router do not need to filter incoming packets from this website anymore, because there won’t be any incoming packets anymore. Outgoing traffic is typically 10-20 times smaller than the incoming. Also it only filters outgoing TCP requests. Besides outgoing GET-requests only take up to 200-500 bytes. They are placed in one package. Since load on rule content is small.
Also websites containing line Host: mikrotik.org will not be blocked and will pass GET-requests containing mikrotik.org. line.
src-address - set the computer's IP.
content = Host: mikrotik.org - blocked website
If you want to block access to the website for all the computers, remove this line src-address.
If you want to block only specific computers - you can create record with an IP blocked computers in address-list tab. Call these notes block-website for example.
Specify this address list in the recording Src.Address List.
Src-address – delete this