How to block ping from Internet to MikroTik, and MikroTik still able to ping Internet (google.com)?
I tried with ip firewall filter chain=input action=drop protocol=icmp in-interface=pppoe-out1
It works with blocking ping from Internet but MikroTik became unable to ping Internet. I want MikroTik is still able to ping Internet. LAN is also able to ping Internet.
The purpose is to block intruder/hacker from Internet trying to ping to my network.
How to block ping from LAN to ether1 (Modem (Bridge) & MikroTik)? Not blocking with ip, but blocking with interface ether1.
I tried with
ip firewall nat chain=input action=drop protocol=icmp dst-address=10.0.0.1 in-interface=ether2
ip firewall nat chain=input action=drop protocol=icmp dst-address=10.0.0.2 in-interface=ether2
It works, but it is blocking with IP which is not efficient, if I have many devices on 10.0.0.0/24 then I should add them all. I think it is much simpler just block ether1, is it possible?
The command above block only from ether2 to ether1, and by blocking from ether2 to any devices behind ether1, i use
/ip firewall filter chain=forward action=drop protocol=icmp in-interface=ether2 out-interface=ether1