I tried this command in 2.9.27
/ip firewall filter add place-before=0 chain=input action=drop src-address=!192.168.2.60/32 protocol=tcp dst-port=21,22,23,80,443,8291,8728
but I get error
item number must be assigned by a print command
use print command before using an item number in a command
as i remember u can’t use multiple ports at single filter rule. You should try add rules by seperate ports.
/ip firewall filter add place-before=0 chain=input action=drop src-address=!192.168.2.60/32 protocol=tcp dst-port=21
/ip firewall filter add place-before=0 chain=input action=drop src-address=!192.168.2.60/32 protocol=tcp dst-port=22
/ip firewall filter add place-before=0 chain=input action=drop src-address=!192.168.2.60/32 protocol=tcp dst-port=23
/ip firewall filter add place-before=0 chain=input action=drop src-address=!192.168.2.60/32 protocol=tcp dst-port=80
/ip firewall filter add place-before=0 chain=input action=drop src-address=!192.168.2.60/32 protocol=tcp dst-port=443
/ip firewall filter add place-before=0 chain=input action=drop src-address=!192.168.2.60/32 protocol=tcp dst-port=8291
/ip firewall filter add place-before=0 chain=input action=drop src-address=!192.168.2.60/32 protocol=tcp dst-port=8728
At least in later versions you can have a comma-separated list of ports.
The error indicates that you didn’t run “/ip firewall filter print” before adding a rule. Earlier versions of RouterOS require the use or print commands to be able to use numerical indices for the rules, as the print command generates the human-readable index.
thank you danny
U’re welcome. Yup - starting from ROS 3.30 you can use coma to add more ports to single filter rule and NAT.