Blocking Internal Customers

rootdet · June 17, 2010, 3:27pm

Hi All,

We have wha we refer to Sessional_Hold Customers that we have MicroTik issue a special IP range for which ois 10.190.1.2 - 10.190.1.254. We labeled this under IP > Firewall > Address Lists as Sesional_Hold. It is all setup to issue IP’s based on the profile it gets from our radius server.

What i need to do is figure out a way to block all traffic from crossing the MikroTik. IE, we do not want them to send or recieve data from the outside world.

What is the best way to produce these results?

fewi · June 18, 2010, 1:22pm

/ip firewall filter add chain=forward src-address-list=Sessional_Holder action=drop
/ip firewall filter add chain=forward dst-address-list=Sessional_Holder action=drop

And make sure to move them above any rules that might accept that traffic.