Controlando y Bloqueando sitios webs vía script

El siguiente script muestra como poder lograr tener un control de algunos sitios web -para luego hacerle cualquier tipo de tratamiento- a través de las resoluciones DNS de nuestro servidor.

Lo primero debemos redirigir todas las solicitudes dns hacia nuestro router

/ip firewall nat
add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53

Luego colocamos el siguiente script para que tome los sitios “rapidshare” y “youtube” para colocarlos en una lista llamada “restricted”, si deseamos bloquear esos sitios podemos utilizar la siguiente regla de firewall:

/ip firewall filter
add chain=forward dst-address-list=restricted action=drop

Actualización Sep/10: Se ha encontrado un nuevo script que realiza la misma tarea – Agregar sitios a un address list – .
:local hostnames "www.google.com, www.mikrotik.com, routerboard.com"

# Internal processing...
:local Script "Hostname-To-AddressList"
:local hostip
:local oldip
:local dnssearch
:local addrlistsearch

:foreach h in=[:toarray $hostnames] do={
:set hostip ""
:set dnssearch 0

:put ("Resolving " . $h . "...")

# Search DNS cache first
/ip dns cache all {
:set dnssearch [find name=$h]
:if ([:len $dnssearch] > 0) do={
# Only retrieve DNS A records
:if ([get $dnssearch type] = "A" || [get $dnssearch type] = "a") do={
:set hostip [get $dnssearch data]
}
}
}

# If no IPs found, resolve hostname
:if ([:len $hostip] = 0) do={
:set hostip [:resolve $h]
}

# Search address lists
/ip firewall address-list {
:set addrlistsearch [find list=$h]
# Did we find address list with hostname?
:if ([:len $addrlistsearch] = 1) do={
:set oldip [get $addrlistsearch address]
:if ($oldip != $hostip) do={
:log info ($Script . " " . $h . " IP changed: (" . $oldip . " -> " . $hostip . ")")
set $addrlistsearch address=$hostip
}
} else={
# No Address List found with hostname
:log info ($Script . " Adding address list " . $h . " address " . $hostip)
add list=$h address=$hostip disabled=no
}
}
}

Versión Anterior (también funcional)

El script es el siguiente:
:foreach i in=[/ip dns cache find] do={
:local bNew "true";
:local cacheName [/ip dns cache all get $i name] ;
#    :put $cacheName;
:if (([:find $cacheName "rapidshare"] != 0) || ([:find $cacheName "youtube"] != 0)) do={
:local tmpAddress [/ip dns cache get $i address] ;
#:put $tmpAddress;
# si el address list esta vacio no chequea
:if ( [/ip firewall address-list find ] = "") do={
:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
} else={
:foreach j in=[/ip firewall address-list find ] do={
:if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
:set bNew "false";
}
}
:if ( $bNew = "true" ) do={
:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
}
}
}
}
# THE END--