Block port

Dear Sir,

Now I want to block my local intranet to some users.
The intranet uses ports: 81-84
IP address: 192.168.100.150 - 192.168.100.154
I have tried to filter port and address but that group can still access it.

ip firewall filter> add chain=forward src-address=10.10.10.30 protocol=tcp dst-port=81-84 action=drop

Is this rule correct or not?
Please help to solve it!

Regards,

If you want to block 192.168.100.150 - 192.168.100.154 then you have to set these addresses as src-address. In your rule src-address is 10.10.10.30.

Ok, now I have another example and I hope you can explain it to me clearly:
Ex: I have username=rakou (this user stays under Mikrotik)
IP: 10.10.10.30

Now I want to block this IP by not allowing access (Remote, Ping, IP Scan,…) to the range 192.168.20.50-192.168.20.80, and this range is added to the address list name=Intranet-Range

The firewall filter I have added now:

ip firewall filter> add chain=forward src-address-list=Intranet-Range dst-address=10.10.10.30 action=drop

So is this rule correct or not?

Rakou,

Quote:
ip firewall filter> add chain=forward src-address-list=Intranet-Range dst-address=10.10.10.30 action=drop


So is this rule correct or not?

What that rule means is that all traffic starting at the address list Intranet-Range (192.168.20.50-192.168.20.80) intended to go to the IP 10.10.10.30 will be dropped. If that is what you want to do, yes: the IP 10.10.10.30 won't have requests from those IPs. Everything also depends on your other filter rules, so why don't you give us the filter rules you have so we can check them out and see if there is any more configuration?

Ok, sir. I have added two rules in the firewall filter:

  1. Block IP: 10.10.10.30 can't access the local Intranet-Range (192.168.100.150 - 192.168.100.154) using port 80-84

ip firewall filter> add chain=forward src-address=10.10.10.30 protocol=tcp dst-port=81-84 action=drop

But when I add this rule, all clients in the Mikrotik range (10.10.10.0/24) can't access Intranet-Range at all. So why does this rule affect all clients?

  2. Block IP: 10.10.10.50 can access the local network (Ex: can access Intranet-Range) but can't access the internet

IP firewall filter> add chain=forward src-address=10.10.10.50 dst-port=80 action=drop

So can this rule be accepted or not?
I wish you could show me the real code to solve this problem, because I am really confused by how Mikrotik firewall rules work and how to add the second rule so that it works!

Regards,

Ok, show me a diagram of your network and print the IP configuration of your router and also the firewall configuration…

I can take a look, see what's wrong, and make the modifications.

IP firewall filter> add chain=forward src-address=10.10.10.50 dst-port=80 action=drop

Here it is quite evident that you are dropping port 80 for IP 10.10.10.50, so how will the user access the web, where most sites use port 80?

One question: how do I block ports 81 to 65536?


Gateway is 192.168.2.1


Thanks

How do I block all ports except 80 & 443 on LAN eth2?
In Winbox, step-by-step configuration.
Gateway IP is 192.168.2.1


Also, pictures would be nice to show me how to do it.


Thanks

/ip firewall filter add chain=forward action=accept protocol=tcp dst-port=80
/ip firewall filter add chain=forward action=accept protocol=tcp dst-port=443
/ip firewall filter add chain=forward action=drop



Will this code work to block all ports but 80 & 443?
And where do I put this code for it to work?


Thanks

/ip firewall filter add chain=forward action=drop protocol=tcp dst-port=!80,443

Blocks all TCP ports except 80,443.
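
Added example, not part of any post in this thread: a simplified Python model of a first-match filter chain (unmatched packets are accepted) that runs the two "only 80 & 443" rule sets posted above against four constructed packets, so the difference between them and the fate of reply traffic is visible. The SCOPED rule set, the "wan" interface name and the "state" field (a stand-in for connection-state matching) are assumptions made for the illustration.

```python
# Simplified model of a RouterOS filter chain: rules are checked top to bottom,
# the first match decides, and a packet that matches nothing is accepted.
WEB = {80, 443}

def matches(rule, pkt):
    for key, want in rule.items():
        if key == "action":
            continue
        if key == "dst_port":            # packet's port must be in the set
            if pkt.get("dst_port") not in want:
                return False
        elif key == "not_dst_port":      # models dst-port=!80,443
            if pkt.get("dst_port") in want:
                return False
        elif pkt.get(key) != want:       # protocol, in_interface, state
            return False
    return True

def verdict(rules, pkt):
    return next((r["action"] for r in rules if matches(r, pkt)), "accept")

# The two rule sets posted in the thread.
THREE_RULES = [{"protocol": "tcp", "dst_port": {80}, "action": "accept"},
               {"protocol": "tcp", "dst_port": {443}, "action": "accept"},
               {"action": "drop"}]
ONE_RULE = [{"protocol": "tcp", "not_dst_port": WEB, "action": "drop"}]

# Assumed variant (not from the thread): let replies of existing connections
# through first, then restrict only what enters from the LAN port eth2.
SCOPED = [{"state": "established", "action": "accept"},
          {"in_interface": "eth2", "protocol": "tcp", "dst_port": WEB, "action": "accept"},
          {"in_interface": "eth2", "action": "drop"}]

# Constructed packets; "wan" as the uplink interface name is an assumption.
PACKETS = {
    "web_out":   {"in_interface": "eth2", "protocol": "tcp", "dst_port": 443, "state": "new"},
    "ssh_out":   {"in_interface": "eth2", "protocol": "tcp", "dst_port": 22, "state": "new"},
    "dns_out":   {"in_interface": "eth2", "protocol": "udp", "dst_port": 53, "state": "new"},
    "web_reply": {"in_interface": "wan", "protocol": "tcp", "src_port": 443,
                  "dst_port": 51000, "state": "established"},
}

def table(rules):
    return {name: verdict(rules, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("three rules", THREE_RULES), ("one rule", ONE_RULE),
                         ("scoped", SCOPED)):
        print(label, table(rules))
```

In this model both posted rule sets drop the server's reply, because its destination port is the client's ephemeral port, and the single `dst-port=!80,443` rule leaves UDP (here DNS) untouched since it only matches TCP.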