/ip firewall filter add chain=forward action=drop time=“20:00:00-23:50:00,mon,tue,wed,thu,fri,sat,sun” src-mac-address=F8:A9:63:34:B9:91
I have the above filter in place. When the time hits I can see the packets counting on the GUI interface which start counting exactly at the time the filter starts. However the workstation is still able to continue working.
I rebooted the router but still no luck. Any ideas?
I have something similar and it works fine.
add action=drop chain=forward comment="Block 2100 to 2230. Mon-Thu, Sun" src-mac-address=AC:38:70:14:B4:50 time=21h-22h30m,sun,mon,tue,wed,thu
Can you export your firewall filters?
/ip firewall filter add action=drop chain=forward src-mac-address=F8:A9:63:34:B9:91 time=21h15m-23h59m,sun,mon,tue,wed,thu,fri,sat
the weird part as I said is when the time of day hits then on the GUI you see the byte counters show the traffic.
Probably existing connections from the host keep working via an earlier rule that accepts established/related connections.
Go in the connections tab and remove all connections with that host’s IP and I bet it kills everything. If so, make a script to do this and schedule it for 1 minute after the rule kicks in.
this is the only rule I have. Been pretty simple up to now. How would I make a script to drop that connection? Shouldnt it drop by itself just from the rule however?
THANK YOU
Not quite sure I follow your meaning - do you mean that your forward chain has only one rule, that being the time-of-day filter?
post the results of this command in a terminal window:
/ip firewall filter print detail where chain=forward
(enclose it in a
block for readability.)
I got this working. The IP Firewall didnt seem to kick the user off at the time. So as per your suggestion I added a schedule one minute later to drop the DHCP. That worked great! Problem solved! Thanks for everyone’s help!