I need help. I can't figure out how to allow hosts only from 192.168.x.x to pass through eth2 to eth3 and also forbid any traffic coming from hosts 172.19.x.x. Assuming that I'm using eth2 with an access point without security and using eth3 with the LAN switch, with devices using 172 and 192 IP addresses on both sides.
Thanks in advance
Rodrigo
This will block everything except 192.168.0.0/16 passing through the device coming in eth2 and going out eth3.
This does not block anything going the opposite direction.
/ip firewall filter
add chain=forward in-interface=eth2 out-interface=eth3 \
src-address=!192.168.0.0/16 action=reject
itmethod, thank you so much for your reply… it didn’t work but I guess it’s because I’m using “bridge” to link these two ports. Actually, I don’t know how to make connections coming from eth2 and going out to eth3 without using bridge… any ideas?
For bridges you can add filters under /interface bridge filter (Bridge->Filter in Winbox).
Use the forward chain to define the conditions you need (interfaces, IPs) and create drop filters (Action).
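The bridge filter approach described in the reply above, written out as an added example (not posted by anyone in this thread). It assumes eth2 and eth3 are the bridge port names used in the question and that the traffic to filter is untagged IPv4.

```routeros
# Added example, not from the thread. eth2 = access-point port,
# eth3 = LAN switch port, both members of the same bridge (assumed).
#
# Frames switched between bridge ports are filtered here, not under
# /ip firewall filter, which is why the routed rule did not match.
/interface bridge filter

# 1. Explicitly drop IPv4 sourced from 172.19.0.0/16 coming from the AP side.
add chain=forward in-interface=eth2 out-interface=eth3 mac-protocol=ip \
    src-address=172.19.0.0/16 action=drop \
    comment="AP->LAN: block 172.19.x.x"

# 2. Drop every other IPv4 source that is not 192.168.0.0/16.
#    src-address is only evaluated when mac-protocol=ip is set.
add chain=forward in-interface=eth2 out-interface=eth3 mac-protocol=ip \
    src-address=!192.168.0.0/16 action=drop \
    comment="AP->LAN: allow only 192.168.x.x"

# Notes:
# - Rules are evaluated top to bottom; rule 2 alone already covers
#   172.19.0.0/16, rule 1 is kept so its counter shows that subnet's hits.
# - mac-protocol=ip matches IPv4 only. ARP and IPv6 frames are not
#   touched by these rules and still cross the bridge.
# - DHCP requests from clients without a lease use source 0.0.0.0, so
#   rule 2 drops them when the DHCP server sits behind eth3.
# - Nothing here restricts the eth3 -> eth2 direction.
```

Source addresses on an open access point are chosen by the client, so these rules separate subnets but do not authenticate hosts.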
Now it works, I managed to block a specific subnet with these filters.
Thanks a lot