Disallow LAN to access configuration of modem using Mikrotik

RouterOS Beginner Basics
1

Hello,

I just learning mikrotik recently. I have internet connection from ISP Provider through a modem,
then this modem connect to mikrotik, and from mikrotik connect to AP

example:
modem 192.168.30.1 ( and public ip 30.30.30.30 ), just example because public ip dynamic
mikrotik 192.168.88.1
LAN 192.168.88.2 - 192.168.88.254 ( DHCP from mikrotik )

I can change setting/config for modem using http://192.168.30.1 or https://30.30.30.30. The problem is I can’t change superuser credential for this modem

Is it possible to block access from LAN to http://192.168.30.1 or https://30.30.30.30 ? If possible please tell me


Thanks, and sorry for my english

2

A simple firewall rule denying traffic to the destination IP will suffice.

3

According to http://forum.mikrotik.com/t/how-to-block-ip-address-in-mt/28609/1

I have tried

/ip firewall filter add chain=input src-address=192.168.30.1 action=drop

But same result, that ip address still accesible through LAN

4

make two changes to your rule

/ip firewall filter add chain=forward dst-address=192.168.30.1 action=drop

5

Thanks all,

Finally I got this work.

Like TroyQ said chain=forward, placed on the top of all forward-accept rule (my mistake, placed on the bottom).

And for public ip. I am using this scipt named “public_ip”

{
/tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=mypublicip.txt
local ip [file get mypublicip.txt contents ]
put $ip
/ip firewall address-list remove [/ip firewall address-list find list="MY-PUBLIC-IP"]
:delay 5
/ip firewall address-list add list=MY-PUBLIC-IP address=$ip
}

Add one more rule same like private ip, but this time using src address list = “MY-PUBLIC-IP”.
Then running with scheduler every 10 minutes to check public ip if changed
on Event

 /system script run public_ip