How do I configure this in MikroTik?
Access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
Access-list 100 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
Access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
Access-list 100 deny ip 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255
Access-list 100 permit ip any any
It should look something like this:
/ip firewall filter
add chain=forward action=accept src-address=192.168.2.0/24 dst-address=192.168.4.0/24
add chain=forward action=accept src-address=192.168.4.0/24 dst-address=192.168.2.0/24
add chain=forward action=drop src-address=192.168.2.0/24 dst-address=192.168.5.0/24
add chain=forward action=drop src-address=192.168.5.0/24 dst-address=192.168.2.0/24
add chain=forward action=accept
You don’t need the last rule to allow all as MikroTik will allow all by default.
I prefer… shorter and more efficient.
/ip firewall filter
add chain=forward action=accept src-address=192.168.2.0/24 dst-address=192.168.4.0/24
add chain=forward action=accept src-address=192.168.4.0/24 dst-address=192.168.2.0/24
add chain=forward action=drop
But if the two rules are true… WHY WOULD ONE NOT JUST MAKE IT ONE SUBNET???
To limit the amount of broadcast traffic?
But if that shall be a true ACL (in MikroTik parlance), then I think it has to be defined under “/interface ethernet switch rule” according to this page:
https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#Switch_Rules_.28ACL.29 for the CRS3xx devices.
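The Cisco-to-RouterOS translation from the first answer above, done mechanically, as an added example that is not part of any post in this thread: it maps each wildcard mask to a prefix length and rejects non-contiguous wildcards, which have no CIDR equivalent. The `host` and `any` address forms go beyond the ACL in the question, and the function names are this example's own.

```python
import ipaddress

# Constructed sample: the ACL lines from the question in this thread.
ACL = """\
Access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
Access-list 100 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
Access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
Access-list 100 deny ip 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255
Access-list 100 permit ip any any
"""

ACTIONS = {"permit": "accept", "deny": "drop"}

def wildcard_to_prefix(wildcard):
    """Return the prefix length for a wildcard mask, e.g. 0.0.0.255 -> 24."""
    host_bits = int(ipaddress.IPv4Address(wildcard))
    # Only a run of trailing 1 bits can be written as a CIDR prefix.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}: no CIDR form")
    return 32 - host_bits.bit_length()

def take_address(tokens):
    """Consume one address spec; return a CIDR string, or None for 'any'."""
    first = tokens.pop(0)
    if first == "any":
        return None
    if first == "host":
        return tokens.pop(0) + "/32"
    prefix = wildcard_to_prefix(tokens.pop(0))
    # strict=False clears address bits that fall inside the wildcard portion.
    return str(ipaddress.IPv4Network(f"{first}/{prefix}", strict=False))

def convert(acl_text, chain="forward"):
    """Translate 'access-list N permit|deny ip SRC DST' lines, in order."""
    rules = ["/ip firewall filter"]
    for line in acl_text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if len(tokens) < 6 or tokens[0].lower() != "access-list" or tokens[3] != "ip":
            raise ValueError(f"unsupported line: {line!r}")
        rest = tokens[4:]
        src, dst = take_address(rest), take_address(rest)
        rule = f"add chain={chain} action={ACTIONS[tokens[2]]}"
        if src:
            rule += f" src-address={src}"
        if dst:
            rule += f" dst-address={dst}"
        rules.append(rule)
    return rules
```

Rule order is preserved because both platforms evaluate top-down and stop at the first match.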