how can block all traffic except http and https for a vlan by using MT->firewall->filter
thanks alot
Specify the in port in the firewall matcher to VLANXXX with the appropriate drop and accept rules.
This is assuming that you have VLANs set up right on the MikroTik and network.
Real example for vlan x ?
Simplest form:
/ip firewall filter
add chain=forward in-interface=vlanX protocol=tcp dst-port=80 action=accept
add chain=forward in-interface=vlanX action=drop
Of cord that won’t be sufficient. You probably need HTTPS, and DNS. Add rules for those ports/protocols. See the wiki for the manual and examples.