Drop all on list - doesn't seem to be working...

Hi,
I’m trying to block access on a few IP addresses and it doesn’t seem to be working:

;;;Block computers on LAN
chain=forward action=drop src-address-list=blocked dst-address-list=blocked

I’ve added the IP to that list I want blocking but it doesn’t seem to be working. This rule is right at the top of my firewall list, but further down the list I’ve got various rules regarding the whole LAN - would this be causing an issue?

Rules go in order from top to bottom.

Is that source and destination IP in that same list?

Yes - it is in the same list, and given it is at the top, there shouldn’t be any issues with that.

All that rule is doing is preventing devices that are in the address list from talking to each other, and is not blocking anything else, i.e. talking to another device on the network. Also, it depends on how you have the network set up: if both computers already have an ARP entry for the other, unless you have some way to isolate them before they reach the router, they will just use that ARP entry to talk to the other and not even use the router.

If you are using a bridge for multiple Ethernet ports, be sure to set the bridge to use the IP Firewall.
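
The points raised in the replies above, written out as a RouterOS configuration (an added example, not posted by anyone in the thread). The address 192.168.88.50 and the comment texts are constructed for illustration; the list name `blocked` is the one from the original post.

```routeros
# Constructed sample entry: one LAN host that should be blocked.
/ip firewall address-list
add list=blocked address=192.168.88.50 comment="constructed example host"

# Rule as posted: every matcher on a rule must match at once, so this
# only drops packets whose source AND destination are both in "blocked".
# Traffic from 192.168.88.50 to any unlisted address passes through.
#   add chain=forward action=drop src-address-list=blocked dst-address-list=blocked

# Split into two rules so that either direction matches on its own.
# Keep both above any accept rules, since rules are evaluated top to bottom.
/ip firewall filter
add chain=forward action=drop src-address-list=blocked \
    comment="Drop anything forwarded FROM a blocked host"
add chain=forward action=drop dst-address-list=blocked \
    comment="Drop anything forwarded TO a blocked host"

# Traffic between ports of the same bridge is switched at layer 2 and
# does not pass through the IP firewall unless the bridge is told to use it.
/interface bridge settings
set use-ip-firewall=yes

# Check: the packet/byte counters on the two drop rules should increase
# while the blocked host is generating traffic.
/ip firewall filter print stats
```

If the counters stay at zero while the host still has connectivity, the traffic is not reaching the forward chain at all, which is the situation the last two replies describe.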