mperdue
February 15, 2006, 3:00pm
1
Hi,
Let's say that the ethernet interface is
192.168.1.254 / 254
and the wireless system has
192.168.2.0 /192
and
192.168.2.64 /192
So how would I write a firewall that would be applied to the ethernet port that would block all other IP requests to/from that are not in the above blocks? I also want to block the NetBIOS ports tcp/udp 127-129.
Regards,
Michael
mperdue
February 15, 2006, 3:13pm
2
/ip firewall rule input add connection-state=invalid action=drop comment="Drop invalid connections"
/ip firewall rule input add connection-state=established comment="Allow established connections"
/ip firewall rule input add connection-state=related comment="Allow related connections"
/ip firewall rule input add protocol=udp comment="Allow UDP"
/ip firewall rule input add protocol=icmp comment="Allow ICMP Ping"
/ip firewall rule input add src-address=192.168.1.0/24
/ip firewall rule input add src-address=192.168.2.0/26
/ip firewall rule input add src-address=192.168.2.64/26
/ip firewall rule input add action=drop log=yes comment="Log and drop everything else"
OK, this is the example given, and I've modified it to what I think will match the above specifications.
mperdue
February 15, 2006, 3:19pm
3
The ethernet address is a /24 routable network from the internet.
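Added example (not part of the thread and not MikroTik code): a small Python model of the input chain posted above, showing which packets the protocol-only rules accept before the source-address rules are reached. It assumes first-match evaluation, that a rule without action= accepts, and that the wireless blocks are the /26 ranges from the question; the rule labels for the three source rules and all sample packets are constructed.

```python
import ipaddress

# Model of the posted input chain: (label, match conditions, action).
# Assumptions: first matching rule wins; a rule with no action= accepts.
RULES = [
    ("Drop invalid connections", {"state": "invalid"}, "drop"),
    ("Allow established connections", {"state": "established"}, "accept"),
    ("Allow related connections", {"state": "related"}, "accept"),
    ("Allow UDP", {"protocol": "udp"}, "accept"),
    ("Allow ICMP Ping", {"protocol": "icmp"}, "accept"),
    ("ethernet /24", {"src": "192.168.1.0/24"}, "accept"),       # label is hypothetical
    ("wireless block 1", {"src": "192.168.2.0/26"}, "accept"),   # label is hypothetical
    ("wireless block 2", {"src": "192.168.2.64/26"}, "accept"),  # label is hypothetical
    ("Log and drop everything else", {}, "drop"),
]

# Variant without the protocol-only rules, so the source checks decide.
SOURCE_ONLY = [r for r in RULES if "protocol" not in r[1]]


def matches(cond, pkt):
    """True when every condition in the rule matches the packet."""
    for key, want in cond.items():
        if key == "src":
            if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True


def evaluate(pkt, rules=RULES):
    """Return (action, label) of the first rule that matches the packet."""
    for label, cond, action in rules:
        if matches(cond, pkt):
            return action, label
    return "accept", "end of chain"


if __name__ == "__main__":
    # Constructed sample packets (203.0.113.0/24 is a documentation range).
    samples = [
        {"state": "new", "protocol": "tcp", "src": "192.168.2.70"},
        {"state": "new", "protocol": "tcp", "src": "192.168.2.130"},
        {"state": "new", "protocol": "udp", "src": "203.0.113.9"},
    ]
    for pkt in samples:
        print(pkt["src"], pkt["protocol"], evaluate(pkt), evaluate(pkt, SOURCE_ONLY))
```

In this model the UDP packet from an outside address is accepted by the "Allow UDP" rule and never reaches the source-address rules; with the protocol-only rules removed it falls through to the final drop.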