Author Archives: WFilter

How to block UDP ports 1024-65534 on an OpenWrt router?

This post shows how to block internet UDP ports 1024-65534 on your OpenWrt router. This is required for WFilter P2P blocking in pass-by filtering mode.

Click “Add Entry” in “Network”->“Firewall”->“Traffic Control”

Define the blocking rule

The destination port must be “1024-65534”.

Done. You can now check the blocking policy in the iptables list.

How to block PPS streaming movies on iPhone and Android?

WFilter can block online streaming traffic in your network, even for mobile devices. This tutorial shows how to block PPS streaming on iPhone and Android with WFilter 4.0.

Create a “block PPS” policy

Apply this policy to certain devices

Check blocking

PPS on Android is now unavailable.

PPS on iPhone loads indefinitely.

Blocking events in WFilter.

How to deploy WFilter Free with MikroTik RouterOS (ROS)?

The “packet streaming” feature in RouterOS can send network packets to a network parser for analysis. If you don’t have a managed switch, you can enable this feature so that WFilter can monitor and filter network computers.

In this post, I will demonstrate how to set up WFilter Free for web filtering with RouterOS.

Enable Packet Streaming

In “Tools”->“Packet Sniffer”, choose the LAN interface as the sniffer interface.

Set the WFilter server IP as the streaming server

Done. You should now be able to monitor all network computers in WFilter Free or WFilter Enterprise.

Let’s add a blocking policy to check.

First, add a blocking level.

Block web surfing

Second, apply this blocking policy to the target IP range.

Check blocking

Management of multiple departments in WFilter

You can use WFilter to set up internet access policies for network computers. However, setting the policies can become very complicated for the IT department when you have many departments and users.

In this case, the solution is to set up multiple WFilter operators for departments. Each operator can only set policies for users in certain departments. For example, a department manager has the privilege to set internet policies for the department’s staff.

In this topic, I will show how to manage multiple operators in WFilter Enterprise 4.0.

1. Add departments

You can add departments in Policy Settings->Department Settings.

2. Add operators

Add operators in System Settings->Manage Operators.

The “Supervising Dept.” defines the users whom this operator can see and configure. You can also define the WFilter menu for each operator.

3. Policy Settings

You can define each department’s IP ranges in “Default Ip Policy”, so that IP addresses are added to the corresponding department automatically.

4. Operator Features

In “User-computer table”, an operator can only see users in its “Supervising Dept.”.

You can schedule standard reports to be sent to the department managers.

Block video websites with WFilter 4.0

Online audio/video streaming can consume most of your bandwidth. To save bandwidth, you might want to block online streaming traffic on your network.

Online streaming can run on different protocols:

  1. Video websites like YouTube, where you can watch video directly on the webpages.
  2. Standard Real Time Streaming Protocol (RTSP).
  3. P2P-based streaming products, like pplive and ppstream.
  4. Video downloading websites.

Therefore, to block online streaming completely, you need to set up several policies.

1. Block streaming webpages

You can block video webpages by checking “Block Online HTTP Video and Downloading of Video Files” in WFilter.

Step1: Enable this blocking option in blocking level settings.

Step2: Apply this policy to computers.

Step3: Check blocked video webpages

Now video webpages are blocked.

2. Block “Streaming Media” website category

WFilter has a URL database covering the most common websites. You can block the “Streaming Media” website category.

Streaming websites will be blocked.

For more details about WFilter, please check: WFilter Features

How to block “Ammyy Admin” in network?

This tutorial shows how to block “Ammyy” with “WFilter Enterprise 4.0”.

First, add the “Ammyy” protocol.

Ammyy has one pattern:
“ammyy_tcp”:
  Type — “TCP SEND”
  Format — “0”
  Content — “^\x25[\x00-\xff]{4}\x2e\xf4\xff\xff”

Second, Enable blocking of Ammyy in certain blocking levels.

And apply this blocking policy to certain computers.

Now, Ammyy will be blocked.

WFilter blocking events:

Failed Ammyy connection.

Related Links:

http://blog.wfilterngf.com/How+To+Block+TeamViewer+On+My+Network+Using+WFilter.aspx

How to block hotspot shield in network?

Hotspot Shield is a free VPN service for accessing blocked websites. With Hotspot Shield, users can bypass the internet filter on your network.

So, to enforce internet access policies in business networks, Hotspot Shield traffic must be blocked.

This tutorial will guide you to block hotspot shield with WFilter.

Add hotspot shield protocol

Because “hotspot shield” is not a default protocol of WFilter, you need to define it manually in “Customize Protocols”.

As in the above figure, add a new protocol named “HotSpot” in “Customize Protocols”. Three patterns are required:

UDP send pattern 1: “^\x88[\x00-\xff]{8}(\x00){5}$”

UDP send pattern 2: “^\x28[\x00-\xff]{9}(\x00){4}”

TCP send pattern: “\x00\x0e\x88[\x00-\xff]{8}(\x00){5}$”

Enable blocking of “hotspot shield”

Now, by enabling “Block hotspot” in blocking level settings, hotspot will be blocked.


Please note:

Hotspot Shield can be completely blocked when WFilter is deployed in “pass-through” mode. In “pass-by” mode, however, complete blocking also requires blocking UDP ports 900-65534 on your router or firewall. See: How to block certain UDP ports in router/firewall?

How to manage several WFilter servers from a central location?

When you need to manage internet access for several offices, it helps to do the management from a central location.

This tutorial shows how to manage several WFilter servers from a single user interface.

1. Edit WFilter servers

Step1: In WFilter’s dashboard, click “Edit” to define remote servers.

Step2: add servers.

Please note:

  1. The remote server’s admin password is required.
  2. The remote WFilter server must be configured as “Allow Remote Access” in “System Settings”->“Remote Access Control”.
  3. If you’re connecting to the remote server from the internet, you need to forward TCP port 9090 to the WFilter server on the remote network’s router.
  4. If the remote network doesn’t have a fixed internet IP address, you can also access the remote server by dynamic domain name.

2. Switch WFilter servers in the dashboard.

Now you can switch WFilter servers in the dashboard. All the data will be retrieved from remote servers. So you can manage different WFilter servers in a central location.



  

How to block stock market trading programs in network?

Employees can spend hours reading market data and trading stocks online. To maintain productivity, it is necessary to block online trading traffic during working hours.

This tutorial shows how to block “Nest trader” and “(IIFL) Trader Terminal” traffic in your network.

Since WFilter does not support these two protocols by default, you need to add custom protocols in “System Settings”->“Customize Protocols”.

1. Block IIFL trade terminal

1). Add a new protocol named “IIFL Trader”, choose a protocol type.

2). Add a new pattern, choose pattern “Type” as “TLS”. Set pattern content as “swaraj\.indiainfoline\.com”.

3). Check “Block IIFL Trader” in your blocking policy.

4). Now IIFL trader can be blocked.

2. Block “Nest trader”

1). Add a new protocol named “Nest Trader”, choose a protocol type.

2). Add a new pattern, choose pattern “Type” as “TCP SEND”. Set pattern content as “^\x00\x00\x00\x13\x52\x55\x00\x0f\x6c\x69\x63\x65\x6e\x73\x65\x5f\x63\x68\x65\x63\x6b\x65\x72”.

3). Check “Block Nest Trader” in your blocking policy.

4). Done. Now Nest trader will also be blocked.
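
The byte patterns given above for Ammyy, Hotspot Shield and Nest Trader can be sanity-checked offline before they are entered in “Customize Protocols”. The following is an added example, not WFilter code: it assumes Python's byte regexes behave like WFilter's pattern engine, the labels other than “ammyy_tcp” and the function name are hypothetical, and every payload is constructed rather than captured.

```python
import re

# Patterns copied verbatim from the posts on this page, keyed by a label and
# the transport implied by the pattern type ("TCP SEND" / UDP send).
# Assumption: Python's bytes regexes behave like WFilter's pattern engine.
SIGNATURES = {
    "ammyy_tcp": ("tcp", rb"^\x25[\x00-\xff]{4}\x2e\xf4\xff\xff"),
    "hotspot_udp1": ("udp", rb"^\x88[\x00-\xff]{8}(\x00){5}$"),
    "hotspot_udp2": ("udp", rb"^\x28[\x00-\xff]{9}(\x00){4}"),
    "hotspot_tcp": ("tcp", rb"\x00\x0e\x88[\x00-\xff]{8}(\x00){5}$"),
    # Bytes decode to 00 00 00 13, "RU", 00 0f, "license_checker" (15 bytes).
    "nest_trader": ("tcp", rb"^\x00\x00\x00\x13\x52\x55\x00\x0f\x6c\x69\x63\x65"
                           rb"\x6e\x73\x65\x5f\x63\x68\x65\x63\x6b\x65\x72"),
}
COMPILED = {n: (t, re.compile(p)) for n, (t, p) in SIGNATURES.items()}


def match_signatures(transport, payload):
    """Return the labels of every signature that fires on one sent payload."""
    return sorted(name for name, (proto, rx) in COMPILED.items()
                  if proto == transport and rx.search(payload))


# Constructed test payloads (hypothetical, not captured traffic).
HS_UDP1 = b"\x88" + bytes(range(1, 9)) + b"\x00" * 5  # exactly 14 bytes
HS_UDP2 = b"\x28" + bytes(range(1, 10)) + b"\x00" * 4 + b"\xaa\xbb"
HS_TCP = b"\x00\x0e" + HS_UDP1  # 0x000e == len(HS_UDP1)
AMMYY = b"\x25" + b"\x01\x02\x03\x04" + b"\x2e\xf4\xff\xff" + b"tail"
NEST = b"\x00\x00\x00\x13RU\x00\x0flicense_checker" + b"\x00\x01"
BENIGN = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

SAMPLES = [
    ("udp", HS_UDP1), ("udp", HS_UDP2), ("tcp", HS_TCP), ("tcp", AMMYY),
    ("tcp", NEST), ("tcp", BENIGN),
    ("udp", HS_UDP1 + b"\x01"),  # 15 bytes: `$` needs the NUL run at the end
    ("udp", HS_TCP),             # TCP-framed bytes checked as UDP
]

if __name__ == "__main__":
    for transport, payload in SAMPLES:
        print(transport, payload[:12].hex(), "->",
              match_signatures(transport, payload) or "no match")
```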