Allow Remote Access (RDP) from Specific IP

Hello all,

I have a simple network and I need some help.
My network diagram is:
network.jpg
On the MikroTik, ports 2-5 are bridged.
pc4 shares file folders so pc1, pc2 and pc3 can access them,
but pc4 also has remote desktop and HTTP service (80, 443) enabled, and I want to restrict
access to those so that only pc1 can reach them.

I tried with firewall forward rules but it didn’t work, so I need some suggestions.

Thank you.

Try the below (have not tested it):

/interface bridge filter
add action=drop chain=forward dst-port=80 in-interface=!ether2 ip-protocol=tcp mac-protocol=ip out-interface=ether5
add action=drop chain=forward dst-port=443 in-interface=!ether2 ip-protocol=tcp mac-protocol=ip out-interface=ether5
add action=drop chain=forward dst-port=3389 in-interface=!ether2 ip-protocol=tcp mac-protocol=ip out-interface=ether5
add action=drop chain=forward dst-port=3389 in-interface=!ether2 ip-protocol=udp mac-protocol=ip out-interface=ether5

Or the below, but you MUST enable “Use IP Firewall” in the bridge for this to work, which I believe will break Fasttrack.

/ip firewall filter
add action=drop chain=forward dst-port=80,443,3389 in-bridge-port=!ether2 out-bridge-port=ether5 protocol=tcp
add action=drop chain=forward dst-port=3389 in-bridge-port=!ether2 out-bridge-port=ether5 protocol=udp
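
A variant of the bridge-filter rules above that also pins the source IP, as the thread title asks (an added example, not from either poster and not tested on the poster's router). It assumes pc1 is on ether2 and pc4 on ether5, as the rules above imply; the addresses 192.168.88.11 (pc1) and 192.168.88.14 (pc4) are constructed placeholders.

```routeros
# Added example: allow pc1 only (by ingress port AND source IP), drop everyone else.
# 192.168.88.11 = pc1 and 192.168.88.14 = pc4 are placeholder addresses.
/interface bridge filter

# 1) Accept the protected services only when they come from pc1's IP via pc1's port.
add action=accept chain=forward mac-protocol=ip ip-protocol=tcp dst-port=80 \
    in-interface=ether2 out-interface=ether5 \
    src-address=192.168.88.11/32 dst-address=192.168.88.14/32 comment="pc1 -> pc4 http"
add action=accept chain=forward mac-protocol=ip ip-protocol=tcp dst-port=443 \
    in-interface=ether2 out-interface=ether5 \
    src-address=192.168.88.11/32 dst-address=192.168.88.14/32 comment="pc1 -> pc4 https"
add action=accept chain=forward mac-protocol=ip ip-protocol=tcp dst-port=3389 \
    in-interface=ether2 out-interface=ether5 \
    src-address=192.168.88.11/32 dst-address=192.168.88.14/32 comment="pc1 -> pc4 rdp tcp"
add action=accept chain=forward mac-protocol=ip ip-protocol=udp dst-port=3389 \
    in-interface=ether2 out-interface=ether5 \
    src-address=192.168.88.11/32 dst-address=192.168.88.14/32 comment="pc1 -> pc4 rdp udp"

# 2) Drop the same services to pc4 from any other port or source address.
#    This also covers a different host plugged into ether2 with another IP.
add action=drop chain=forward mac-protocol=ip ip-protocol=tcp dst-port=80 \
    out-interface=ether5 dst-address=192.168.88.14/32 comment="others -> pc4 http"
add action=drop chain=forward mac-protocol=ip ip-protocol=tcp dst-port=443 \
    out-interface=ether5 dst-address=192.168.88.14/32 comment="others -> pc4 https"
add action=drop chain=forward mac-protocol=ip ip-protocol=tcp dst-port=3389 \
    out-interface=ether5 dst-address=192.168.88.14/32 comment="others -> pc4 rdp tcp"
add action=drop chain=forward mac-protocol=ip ip-protocol=udp dst-port=3389 \
    out-interface=ether5 dst-address=192.168.88.14/32 comment="others -> pc4 rdp udp"
```

Rules are evaluated top to bottom, so the accept rules must stay above the drop rules. File sharing to pc4 is unaffected because only ports 80, 443 and 3389 are matched.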

Thanks for the reply.

I’ll try it and post the results.


Thank you.