In this lesson, I will show you how you can blocking Social Media websites for your internal users who are getting internet service from the Ubiquiti EdgeRouter.
Very important to remember, your should have the EdgeRouter updated to the latest version and the Deep Packet Inspection (DPI) should be enabled. If you are unsure whether DPI is enabled, just go to the EdgeRouter CLI and write the following
[email protected]:~$ configure  [email protected]# set system traffic-analysis dpi enable [email protected]# set system traffic-analysis export enable
Once done, we can continue on the graphical user interface the configuration. But just as curiosity, I want to show you that all social media websites have been added in a Category on the Ubiquiti EdgeRouter and you can find it using the following command:
[email protected]:~$ sudo /usr/sbin/ubnt-dpi-util show-cat-apps Social-Network Applications in category [Social-Network] ======================== 500px 51.com 5ch adultfriendfinder after-school ameba aol-answers badoo bai-sohu bebo-social-network blogger chatme class-chinaren classmates clien.net cooltalk-social-network cyworld datingdna daum-blog dcinside delicious douban draugiem dudu eharmony facebook fancy fc2 flickr fling.com fmylife fotolog- foursquare friendster gamer gree hatena hi5 hootsuite hyves i-part/ipair iaround instagram jackd jiayuan jivesoftware kaixin khan-academy linkedin livejournal lokalisten lovethesecurves me2day meetme meetup mei.fm meinvz/studivz mekusharim mig33 miliao mixi.jp myspace naver-blog netlog ning niwota nk.pl odnoklassniki orkut pairs panoramio path perfspot pinterest pixnet plaxo plurk renren.com skout skyrock snappytv streetlife tagged tencent-qq touch tuenti tumblr tweetdeck twitter twoo viadeo vine vkontakte weheartit weibo weico wordpress xing xuite yahoo-blog yahoo-mbga.jp yammer yik-yak zoosk [email protected]:~$
You see that Facebook, Linkedin, Twitter and a lot of other social network websites are categorized under the Social-Network category
Let's now configure the Firewall Rules to stop the Social Media website.
First, let's check if we can open Facebook.com:
As you can see, this is possible.
Let's start creating the Ruleset on the EdgeRouter X.
I have created a Ruleset, named it Block_Social_Media with Default Action as accept and I have enabled the Default Log then clicked Save.
Let's start now configuring the Rule to block the Social Media Websites.
From the Ruleset, you click on Action then Edit Ruleset
Then Ruleset configuration window will show up. Click on Add New Rule
A new window will pop up:
Give it a description, Action to be drop, and enable Logging then click on Advanced Tab
Choose the Application to be Social-Network and click on Save.
Now on the Ruleset Configuration, go to Interfaces Tab, and select your LAN interface on the interface (in my case it is switch0 interface), then on Direction make it in and click Save Ruleset. This will apply the Firewall rule on the interface the way in to the router.
Let's open now Facebook.com and check if it is still working:
As you can see, it is not. Same will apply for the whole list of social media applications that are inside the same category such as Twitter, Linkedin and so on.
Let's check the statistics on the Firewall rule to see if it is working:
You can see that the Social-Media rule that we have created is blocking already 133 Packets and those are mainly for the request that I have made on the browser to open Facebook.com
The 2nd rule which is rule number 10000 is allowing anything else, that's why I have the default action to be Accept.
In this lesson I have showed you how to block Social Media traffic on the Ubiquiti Edge Router. Same you can apply for other categorized websites such as Business, instant messaging, P2P, Stock Market, etc...
If you like to know more about Ubiquiti EdgeRouter and what it can do, I have a course speaking about the EdgeRouter which is "Ubiquiti Broadband Routing & Switching Specialist with LABS" and this is covering the whole Ubiquiti UBRSS course Track. You can get it on the following URL: