Blocking interVLAN traffic

Hi guys

I have a site with quite a few VLANs set up and I only just realised that I can ping IPs across different VLANs. I’d like to block any traffic between all VLANs, like what OP wanted here: https://superuser.com/questions/1021136/how-to-isolate-networks-with-a-mikrotik-router

There are 32 VLANs though, will I have to make 32 rules for each VLAN? 1024 firewall rules? That doesn’t sound right.

Maybe a rule to drop all packets not destined to their own default gateway?

Maybe a magical button that will just make everything ok?! :laughing:

Thought I’d consult you guys first before messing around.

Thanks

Pretty sure you could just do this
/ip firewall filter add chain=forward in-interface=all-vlan out-interface=all-vlan action=drop

Hi,

In case you have configured the VLANs as VLAN interfaces on a RouterBoard, just add the VLAN interfaces to an interface list and create a block rule in the forward chain with this interface list as source and destination.

Edit: I just saw the answer posted before mine. This is the simplest solution, but with interface lists you’re a little more flexible. Apart from that, the solution provided is fine.

Regards,
Ape
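
The interface-list approach described above, written out as RouterOS commands. This is an added example, not part of the original posts; the list name VLANS, the comment text and the log prefix ivlan-drop are assumptions, and the loop adds every interface found under /interface vlan.

```routeros
# Added example (not from the thread). Assumed names: list "VLANS",
# log prefix "ivlan-drop", comment "drop inter-VLAN traffic".

# 1. One interface list that represents all routed VLAN interfaces.
/interface list add name=VLANS comment="all routed VLAN interfaces"

# 2. Add every existing VLAN interface to the list, so 32 VLANs do not
#    need 32 hand-typed entries. VLANs created later must be added too.
:foreach v in=[/interface vlan find] do={
    /interface list member add list=VLANS interface=[/interface vlan get $v name]
}

# 3. A single forward-chain rule covers every VLAN pair.
#    - Hosts inside the same VLAN talk at layer 2 and are not routed, so
#      they do not pass through this rule (unless the bridge is set to
#      send bridged traffic through the IP firewall).
#    - Traffic addressed to the router's own IPs, such as another VLAN's
#      gateway address, is handled by the input chain, not by this rule.
#    - The rule must sit above any forward-chain accept rule that would
#      otherwise match inter-VLAN traffic first.
/ip firewall filter add chain=forward action=drop \
    in-interface-list=VLANS out-interface-list=VLANS \
    log=yes log-prefix="ivlan-drop" comment="drop inter-VLAN traffic"

# 4. Check the list membership and watch the rule counters during rollout.
/interface list member print where list=VLANS
/ip firewall filter print stats where comment="drop inter-VLAN traffic"
```

Logging is enabled here only to see what the rule catches during rollout; set log=no on the rule once the counters look as expected.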

Wouldn’t that block a vlan from itself though?

I was thinking one of these for each VLAN:

chain=forward action=drop in-interface=Data VLAN out-interface-list=!WANs log=no log-prefix=""

It’s blocking interVLAN pings on my office network. Can anyone think of any issues this would bring up before I roll it out?

Actually you guys are right. allvlans as the in and out interface seems to work. Thanks a lot guys.