Block PC to access another device in LAN

nubie · March 25, 2013, 6:23am

Dear all,

is it possible to prevent some pc’s to connect another pc’s using mikrotik(in same LAN)( eg ip address 192.168.0.34 cannot connect to 192.168.0.35). I already try to add standard firewall filter rules to do that

 /ip firewall filter add chain=forward protocol=tcp action=drop 
src-address=192.168.0.34 dst-address=192.168.0.35 comment="" disabled=no

the rule above cannot do the job, both that ip address is from DHCP server of mikrotik.

I’m just curious about this, because let’s say in network there is a standard AP and user in network can try to access the conf page, so i’m just want to try to block it the access to the AP ip address completely.

Thank’s a lot and sorry

mixig · March 25, 2013, 7:44am

They are in the same subnet so traffic between is not passing through the Mikrotik, you can configure bridge on Mikrotik, with that you can accomplish your task

nubie · March 25, 2013, 8:54am

Thank’s a lot for your reply, could you please explain to me using bridge to accomplish my need ?

So to accomplish what i need should i separate the segment of the network and using bridge to grouping ? CMIIW

Thank’s a lot and sorry

mixig · March 27, 2013, 7:53pm

Hi,

if you are using bridge there are 2 ways, on bridge port you can enable IP firewall so with that you can block traffic between that two devices (forward chain), or you can use horizon under the ports which are in the bridge (devices which are on the ports with the same horizon number CAN NOT communicate with each other,).

nubie · April 1, 2013, 2:06am

Hi,

I’ll trying that way, thank’s a lot for your time.

Cheers