Easiest way to block an IP

The application I am currently using is a firewall rule that matches the input chain and the noobs address list. The complication I have is that if they have already established a connection with something on my NAT’ed servers it isn’t blocked.

I then attempted to block this traffic by duplicating the rule and then made it match the forward chain, but it doesn’t seem to be working, as in not matching any packets. The rule was right below the first one.

Does anyone know what I have done wrong?

You didn’t post your config =)

Do this in the console:

/ip firewall export

Doing an export and looking for the two rules made me realize that there was a duplicated rule well above my new one.

Sorry for the hassle! Need some sort of an auto sort function for these rules =P

Rule order is important :) and Winbox can sort rules without breaking order, so that might help.
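An added example, not posted by anyone in the thread: a small audit script that reads `/ip firewall export` text and reports filter rules that can never match because an earlier enabled rule in the same chain already catches the same packets, the situation described above. It goes slightly beyond exact duplicates by also flagging narrower rules placed below a broader one; the sample export and the function names are constructed for illustration, and `jump`/`return` handling is not modelled.

```python
import shlex

# Constructed sample in the style of `/ip firewall export` (not from the thread).
SAMPLE_EXPORT = '''\
/ip firewall filter
add action=drop chain=input src-address-list=noobs
add action=drop chain=forward comment="old block" src-address-list=noobs
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward dst-port=80 protocol=tcp
add action=drop chain=forward disabled=yes
add action=drop chain=forward src-address-list=noobs
'''

# Actions after which a matching packet is not passed to later rules.
TERMINATING = {"accept", "drop", "reject"}
# Properties that do not affect which packets a rule matches.
NON_MATCHERS = {"action", "chain", "comment", "disabled", "log", "log-prefix"}

def parse_filter_rules(export_text):
    """Return the filter rules as dicts, in the order they are evaluated."""
    rules, in_filter = [], False
    # Join lines that the export wrapped with a trailing backslash.
    for line in export_text.replace("\\\n", "").splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_filter = line == "/ip firewall filter"
        elif in_filter and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # handles quoted comments
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def find_shadowed(rules):
    """Return (earlier, later) index pairs where `later` can never match."""
    findings, seen = [], {}  # seen: chain -> [(index, matcher set)]
    for i, rule in enumerate(rules):
        if rule.get("disabled") == "yes":
            continue
        chain = rule.get("chain")
        matchers = {(k, v) for k, v in rule.items() if k not in NON_MATCHERS}
        for j, earlier in seen.get(chain, []):
            # Matchers are ANDed, so a subset of them matches a superset of packets.
            if earlier <= matchers:
                findings.append((j, i))
                break
        if rule.get("action", "accept") in TERMINATING:
            seen.setdefault(chain, []).append((i, matchers))
    return findings

if __name__ == "__main__":
    for earlier, later in find_shadowed(parse_filter_rules(SAMPLE_EXPORT)):
        print(f"rule {later} never matches: rule {earlier} in the same chain wins")
```

Indexes are zero-based positions within the exported filter section, so they line up with the order in which the router evaluates the rules.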