Exclude a static IP from the internet.

Here is a newbie question for all. :smiley:

What would be a good firewall rule to exclude a single static IP from the internet, but still maintain full LAN network functionality of said IP address?

Would a rule like
add chain=forward src-address="staticIPofPC" dst-address=!"LAN" action=reject
be correct?

Also, do I need to reverse the rule as well?

Regards.

Why not simpler
/ip firewall filter
add chain=forward action=drop src-address=thatofyourpc out-interface=wan

Actually, I would prefer reject over drop, as this will prevent timeouts on the device in question. Applications will be notified about the lack of connectivity.
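
The two suggestions in this thread combined into one RouterOS configuration, as an added example that is not from any of the posters: match on the WAN out-interface and use reject so the blocked PC gets an immediate error. The address 192.168.88.50 and the interface name ether1 are constructed placeholders for the PC's static IP and the internet-facing interface.

```routeros
# Added example. Constructed values: 192.168.88.50 = the PC's static IP,
# ether1 = the internet-facing (WAN) interface. Adjust both to your setup.
/ip firewall filter

# TCP: answer with a reset so applications fail immediately instead of timing out
add chain=forward src-address=192.168.88.50 out-interface=ether1 protocol=tcp \
    action=reject reject-with=tcp-reset comment="PC no internet (tcp)"

# Everything else (UDP, ICMP, ...): answer with an ICMP admin-prohibited error
add chain=forward src-address=192.168.88.50 out-interface=ether1 \
    action=reject reject-with=icmp-admin-prohibited comment="PC no internet (other)"

# Both rules are appended to the end of the chain. List the chain and confirm
# that no earlier forward rule accepts new connections from this address.
print where chain=forward

# After a connection attempt from the PC, the counters on these rules should increase
print stats where comment~"PC no internet"
```

Because the rules match only traffic leaving through the WAN interface, traffic between the PC and other LAN hosts does not hit them.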