How Can I Allow Limited Sites To Selected Ips.
Like I Want to Allow Just Google.com to LAN Users 192.168.5.6-192.168.5.10
Create two address lists, one populated with the local hosts that have their traffic limited, one with the IPs those hosts are allowed to pass traffic to. Then drop all traffic from the first address list not targeted at the second.
This example:
[admin@testbox] > /ip firewall address-list add list=limited-machines-local address=192.168.5.6
[admin@testbox] > /ip firewall address-list add list=limited-machines-local address=192.168.5.7
[admin@testbox] > /ip firewall address-list add list=limited-machines-allowed-targets address=10.1.0.1
[admin@testbox] > /ip firewall filter add chain=forward action=drop src-address-list=limited-machines-local dst-address-list=!limited-machines-allowed-targets
would drop all traffic from 192.168.5.6 and 192.168.5.7 to any destination other than 10.1.0.1.
It’s cheaper and easier to filter by IP destinations than to use layer 7 inspections.
HTH,
Felix
May i have these tips in Winbox Interface.