Hi…
Can anybody tell me how can i drop pingin in firewall rule..
i tryed with Drop Input, and then accept input with avaiable ip but the same thing, i cannot ping but i can access in it..so what i wANNA do is…nobody canot ping my router ip..just my pc ip..is any firewall rule about this or what..somebody help me because i need it very much…
Bye bye
Greetings!
The order of the rules in the firewall filter list is important. If you are looking to block pinging, traceroute, etc from all but your address set, then:
/ip firewall filter
add chain=input protocol=icmp action=accept src-address=xxx.xxx.xxx.xxx/yy place-before=0
add chain=input protocol=icmp action=drop place-before=1
xxx.xxx.xxx.xxx/yy is the IP subnet for your local net.
look, i tryed Accept rule first, and the drop rule second, but nothing happened.. i steal can ping the router, but when i placed drop rule first, and accept rule second, then i cannot ping the router, but i cann access on it..
P.S. i cannot ping it from my subbnet ip that i added in source-address, but i just can acces on it with winbox…
The order is backwards. The rules need to be reversed. In this order, the second rule is never applied.
ADDED: Think of these rules as IF..THEN..ELSE statements. These should be approached as:
IF(protocol AND IPsubnet) THEN ACCEPT
ELSEIF(protocol AND IPsubnet2) THEN ACCEPT
ELSEIF (protocol AND everything_else) THEN DROP