Allow specific IP Address to access the internet

Hi,

I am new to MikroTik, but I am at the learning stage.
I wanted to block a /24 network from accessing the internet; however, I wanted specific IP addresses under that network to have internet access.

Any suggestions and guidance would be greatly appreciated.

Regards,

I would look at your firewall settings and review Section B linked here - https://forum.mikrotik.com/viewtopic.php?t=182373

With a drop-all rule at the end of the chains in the firewall rules, nothing is allowed unless specified.
So, for example, the standard LAN to WAN rule can be modified.

add chain=forward action=accept in-interface-list=LAN out-interface-list=WAN src-address-list=authorized
Where authorized is a list of IP addresses you select.

I suggest you read the links, modify the config, and if you are still having issues, come back and post your config:
/export hide-sensitive file=anynameyouwish

Hi Anav,

Thank you for the quick help and tips.

I just added these filter rules and it seems to work on my end.

Please check, and let me know if this makes sense.

/ip firewall filter
add action=accept chain=forward comment="Authorized Network" in-interface=\
    bridge_lan out-interface=1-WAN1 src-address-list=Authorized
add action=drop chain=forward comment="Block Network" in-interface=bridge_lan \
    log=yes out-interface=1-WAN1 src-address-list=BlockNetwork

I have added 2 filter rules; the first one is forward/accept while the other one is the opposite.


Thank you

Hi timyout,
If you put in this rule

add chain=forward action=drop comment="drop all else"

Then you won't need the second rule… nor any other rule that you need to put in to stop traffic.

If I change my filter rule to this, does it do the same?
I only wanted to block the /24 network by default, which gets its addresses from the DHCP server, so that those unknown IP addresses cannot access the internet.
For those I authorized, I just manually added them to an address list and added another rule to allow the authorized address list to have internet access.

I apologize if I don't get it as you suggested.


I really appreciate your kindness.

No worries, if it's working for you now, ignore my advice LOL.
All good!!

I just rebooted the RouterBOARD.
Internet is not accessible using the filter rules that I executed :(

I am curious about the thing you have suggested.
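
The default-drop layout suggested earlier in this thread, written out as an added example that is not from any poster: RouterOS evaluates filter rules top to bottom and the first match wins, so the accept rules must sit above the final drop. The address-list entries are constructed sample addresses and the log prefix is an assumption; the interface names and list name are the ones from the rules posted above.

```routeros
# Added example, not any poster's config. Addresses are constructed samples.
/ip firewall address-list
add list=Authorized address=192.168.88.10 comment="constructed sample host"
add list=Authorized address=192.168.88.11 comment="constructed sample host"

/ip firewall filter
# 1. Replies to connections that were already allowed out.
add chain=forward action=accept connection-state=established,related \
    comment="accept established,related"
# 2. Drop packets that connection tracking marks invalid.
add chain=forward action=drop connection-state=invalid comment="drop invalid"
# 3. Only hosts in the Authorized list may open connections to the WAN.
add chain=forward action=accept in-interface=bridge_lan out-interface=1-WAN1 \
    src-address-list=Authorized comment="Authorized Network"
# 4. Everything else in forward is dropped, so no separate rule for the
#    rest of the /24 is needed. log=yes records what was refused.
add chain=forward action=drop log=yes log-prefix="fwd-drop" \
    comment="drop all else"
```

`add` appends to the end of the chain, so on a router that already has forward rules, check the resulting order with `/ip firewall filter print` before relying on it.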