i want to block ip is 172.30.12.30 to 172.30.12.255 . how can this plz help me
There are TWO Ways..
-
Create Address List “Allow IP” from /ip firewall address-list -172.30.12.1 to 172.30.12.30.
Use src-nat (If Nated with Public IP) and instead of using src-nat use src-address-list. -
Create Address List “Drop IP” from /ip firewall address-list -172.30.12.31 to 172.30.12.255.
Use Firewall Filter and drop the IP List.
ashishbha plz full script i will try but not done
Read the manual don’t ask to be spoon fed the whole time 
/ip firewall filter add chain=forward src|dst-address=172.30.12.0/27 action=accept
/ip firewall filter add chain=forward src|dst-address=172.30.12.0/24 action=drop
You really give too little information to be spoon fed in any case, so there, now you have two ways on how to do it.
why not just
/ip firewall filter add chain=forward src|dst-address=172.30.12.30-172.30.12.255 action=drop
? =)
i am trying this /ip firewall filter add chain=forward src|dst-address=172.30.12.30-172.30.12.255 action=drop …surfing off but all peer to peer & downloading not off
If it is happening on the same subnet you can’t block it at the router.
also, if this rule is below rule that accepts related connections - it will drop only new connections
go ip ,address list & select local lan interface & example address 172.30.12.1/27 brodcast 172.30.12.30 network 172.30.12.0 interface local it is 100% working without queue 172.30.12.31 to 172.30.12.255 user not access internet any way (downloading & p2p )