Hello
I have a router that connect to the internet
I want to be able to connect to him only using the Ethernet to port 80
how do I do this?
this is what I have open
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
thanks ,
Paste this on new terminal and you can reach the router only from http (webfig):
/ip service
set api disabled=yes
set api-ssl disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set winbox disabled=yes
set www address="" disabled=no port=80
set www-ssl address="" disabled=yes
/tool mac-server
set [ find ] disabled=yes
/tool mac-server mac-winbox
set [ find ] disabled=yes
/tool mac-server ping
set enabled=no
/tool bandwidth-server
set enabled=no
/ip dns
set allow-remote-requests=no
/ip smb
set enabled=no
/ip upnp
set enabled=no
/snmp
set enabled=no
I don’t think you understand
I want to be able to enter the webconfig using http only from ether1
and not from the IP of the SIM
the Ethernet network is 10.0.0.0/24 - the router is 10.0.0.1
the IP I get from the SIM is 2.1.23.25 (example)
when I enter 2.1.23.25 I get the webconfig (with any computer that connect to the internet)
I want to disable it
and just from computer that connect using cable to be able to enter the router
only from 10.0.0.1
You do that with ip firewall.
this I know (as you can see in the topic of the post)
but I don’t know how to do this
this is my question
Thanks ,
Maybe post a
/ip firewall filter export
So we can see what rules you currently have.
Without more info about your interfaces the most simple rule i can offer is :
/ip firewall filter add chain=input dst-address=2.1.23.25 dst-port=80 proto=tcp action=drop
But it is better to write some more rules in the input chain for your wan interface to accept only what is needed and drop everything else.
I don’t have any rules in the firewall yet.(this is why I didn’t post nothing)
Would block hangout by the firewall mikrotik, someone already did it?