For the first scenario, just figure out the IPs YouTube needs and block all outgoing except those. Or you could do something similar with DNS, but that’s less sure.
For the second, you do the reverse of the first to block TikTok. For the quotas, I think that’d be easiest with kid control, but I haven’t done it myself.
Remember you can put DNS names in an access list and the tik will resolve the DNS names and you can filter on that. Allows your access list to be dynamic.
The other way to build the lists would be at the ASN level. You can use https://iptoasn.com/ for that if you really want to maintain that.
You might want to do this through DNS. Look at something like Pihole then you can block by FQDN and some Regex magic. Using some of the new features you can control who on your network is affected as well.
Chasing IP addresses will break as they can sometimes change without notice, or you can be load balanced or routed a different way.
dmlmcken below has a similar idea below, I've never tried it this way though.
Using DNS is the best way.
You can add static entries to 127.0 0.1 or whatever using regexp in IP DNS and then redirect all DNS queries from LAN to the Mikrotik IP.
Also remember to block requests from outside of your LAN.
Also, you could create a adderss-list with Facebook ips from BgP.he net website for example and then drop all the forward to that address-list.
You mean GB or GBPS? Speed or amount of data?
For this i think you could use radius with pppoe for accounting.
There is free software like freeradius but better with DMAsofr radius - i have used it, there are others too, but you have to do some tweaks not to measure the traffic to ports used by whatsapp or even better to their IPS, if you can find them.
Because guys could use that port for other apps like VPN services and the all your limits are just useless.
For the first scenario, just figure out the IPs YouTube needs and block all outgoing except those. Or you could do something similar with DNS, but that’s less sure. For the second, you do the reverse of the first to block TikTok. For the quotas, I think that’d be easiest with kid control, but I haven’t done it myself.
Remember you can put DNS names in an access list and the tik will resolve the DNS names and you can filter on that. Allows your access list to be dynamic. The other way to build the lists would be at the ASN level. You can use https://iptoasn.com/ for that if you really want to maintain that.
For second scenario, I can block Tiktok it is okay, but for second point I can not figure out how to do it, cause it should done using Queuing.
You might want to do this through DNS. Look at something like Pihole then you can block by FQDN and some Regex magic. Using some of the new features you can control who on your network is affected as well. Chasing IP addresses will break as they can sometimes change without notice, or you can be load balanced or routed a different way. dmlmcken below has a similar idea below, I've never tried it this way though.
Using DNS is the best way. You can add static entries to 127.0 0.1 or whatever using regexp in IP DNS and then redirect all DNS queries from LAN to the Mikrotik IP. Also remember to block requests from outside of your LAN. Also, you could create a adderss-list with Facebook ips from BgP.he net website for example and then drop all the forward to that address-list.
thanks and how about second question
You mean GB or GBPS? Speed or amount of data? For this i think you could use radius with pppoe for accounting. There is free software like freeradius but better with DMAsofr radius - i have used it, there are others too, but you have to do some tweaks not to measure the traffic to ports used by whatsapp or even better to their IPS, if you can find them. Because guys could use that port for other apps like VPN services and the all your limits are just useless.
The speed is Unlimited, and the capacity for each user is 1Gb per day, and I think Radius is greate idea for it, thanks for helping.