Filter by TTL

Hello,

Has anyone filtered traffic by TTL? I have done this on Gentoo Linux, but I cannot find a way of doing it in MikroTik RouterOS.
What I want to achieve is to filter NAT, so that my clients are not able to use LAN sharing etc. I’m talking about clients that do not have the right to NAT, just one IP for one PC.
So, if somebody has done this in RouterOS, please share that info.

Regards.

Faton

Hi,

These are the rules on the Gentoo router. Can anyone translate them to RouterOS?

/sbin/iptables -N RESIDENTIAL

#NAT FILTERING
/sbin/iptables -A RESIDENTIAL -m ttl --ttl 127 -j RETURN
/sbin/iptables -A RESIDENTIAL -m ttl --ttl 63 -j RETURN
/sbin/iptables -A RESIDENTIAL -m ttl --ttl 31 -j RETURN
/sbin/iptables -A RESIDENTIAL -m ttl --ttl 254 -j RETURN
/sbin/iptables -A RESIDENTIAL -j DROP


Regards.

Faton
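The RESIDENTIAL chain posted above, modelled offline as an added example (not part of the original thread and not RouterOS syntax). It assumes the four allowed values are the common initial TTLs 128, 64, 32 and 255 after one hop; the helper names and the sample addresses are constructed for illustration.

```python
import socket
import struct

# TTL values the RESIDENTIAL chain lets through (taken from the rules above).
ALLOWED_TTLS = {127, 63, 31, 254}
# Assumption: common initial TTLs used by host network stacks.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def ipv4_ttl(packet: bytes) -> int:
    """Return the TTL field of a raw IPv4 packet after basic header checks."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    return packet[8]  # TTL is the ninth byte of the header


def hops_travelled(ttl: int) -> int:
    """Estimate hops, assuming the smallest common initial TTL >= observed."""
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial - ttl


def residential_verdict(packet: bytes) -> str:
    """Mirror the chain: RETURN on an allowed TTL, otherwise DROP."""
    return "RETURN" if ipv4_ttl(packet) in ALLOWED_TTLS else "DROP"


def build_header(ttl: int, src: str = "192.0.2.10",
                 dst: str = "198.51.100.1") -> bytes:
    """Constructed sample: minimal 20-byte IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


if __name__ == "__main__":
    # Constructed TTLs: one hop from the host, and one extra hop (e.g. a
    # second router between the PC and this box).
    for ttl in (127, 126, 63, 62, 254, 31, 100):
        pkt = build_header(ttl)
        print(f"ttl={ttl:3d} est_hops={hops_travelled(ttl):3d} "
              f"verdict={residential_verdict(pkt)}")
```

A packet that crossed one additional router arrives with a TTL one lower than the allowed value (126 instead of 127, 62 instead of 63) and falls through to the final DROP.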

You can change TTL but I don’t believe you can detect TTL … would be a nice addition.

Sam

It works in Gentoo, just create a new chain, in my case I have created the RESIDENTIAL chain, and then applied the rules.

I also didn’t find any TTL detection rules in MT, and I agree it … would be a nice addition.