Firewall filter rules

Dear all,

I am a beginner in RouterOS. I read a lot on this forum and decided to use MikroTik. I bought an RB750GL to start, and with the help of this forum I could set it up to run the internet, but I have a problem with the firewall filter rules; I just do not understand them. Please help.

RB750GL V 6.37.1

ether1-WAN : WAN 192.168.1.1/24
ether2-LAN1: LAN 1 192.168.10.1/24
ether3-LAN2: LAN 2 192.168.20.1/24
ether4-LAN3: LAN 3 192.168.30.1/24


I want LAN1 to have access to LAN2 and LAN3; LAN2 and LAN3 cannot access LAN1, and LAN3 has no Internet access.

Thanks in advance

You have two basic options:

a) Block everything by default and specifically allow what you need:

/ip firewall filter
add action=accept chain=forward comment="established & related connections" connection-state=established,related
add action=drop chain=forward comment="invalid connections" connection-state=invalid
add action=accept chain=forward comment="LAN1 -> internet" in-interface=ether2-LAN1 out-interface=ether1-WAN
add action=accept chain=forward comment="LAN2 -> internet" in-interface=ether3-LAN2 out-interface=ether1-WAN
add action=accept chain=forward comment="LAN1 -> LAN2" in-interface=ether2-LAN1 out-interface=ether3-LAN2
add action=accept chain=forward comment="LAN1 -> LAN3" in-interface=ether2-LAN1 out-interface=ether4-LAN3
add action=accept chain=forward comment="forwarded ports" connection-nat-state=dstnat
add action=reject chain=forward comment="everything else" reject-with=icmp-admin-prohibited

b) Do it the other way around and block what you don’t want, e.g. traffic from LAN3 to LAN1, etc.

I recommend option a).
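
To check the option a) rules against the stated requirements, here is a simplified first-match model of the forward chain. It is an added example and not part of the original posts. It assumes only the matchers used above (connection state, NAT state, in/out interface), and the Python names (`RULES`, `verdict`, `policy_matrix`) are made up for illustration.

```python
# Simplified first-match model of the forward chain from option a).
# Assumption: only the matchers that appear in the post are modelled.
WAN, LAN1, LAN2, LAN3 = "ether1-WAN", "ether2-LAN1", "ether3-LAN2", "ether4-LAN3"

RULES = [  # (action, matchers), in the same order as the post
    ("accept", {"state": {"established", "related"}}),
    ("drop",   {"state": {"invalid"}}),
    ("accept", {"in": LAN1, "out": WAN}),
    ("accept", {"in": LAN2, "out": WAN}),
    ("accept", {"in": LAN1, "out": LAN2}),
    ("accept", {"in": LAN1, "out": LAN3}),
    ("accept", {"dstnat": True}),
    ("reject", {}),  # "everything else": empty matcher set matches all
]

def matches(m, pkt):
    """True if every matcher present in the rule agrees with the packet."""
    if "state" in m and pkt["state"] not in m["state"]:
        return False
    if "in" in m and pkt["in"] != m["in"]:
        return False
    if "out" in m and pkt["out"] != m["out"]:
        return False
    if "dstnat" in m and pkt["dstnat"] != m["dstnat"]:
        return False
    return True

def verdict(in_if, out_if, state="new", dstnat=False):
    """Walk the rules top to bottom; the first matching rule decides."""
    pkt = {"in": in_if, "out": out_if, "state": state, "dstnat": dstnat}
    for action, m in RULES:
        if matches(m, pkt):
            return action
    return "accept"  # RouterOS accepts a packet that no rule matches

def policy_matrix():
    """Verdict for a NEW connection between every pair of interfaces."""
    ifs = [WAN, LAN1, LAN2, LAN3]
    return {(a, b): verdict(a, b) for a in ifs for b in ifs if a != b}

if __name__ == "__main__":
    for (src, dst), action in policy_matrix().items():
        print(f"{src:12} -> {dst:12} new: {action}")
    # Replies to a connection LAN1 opened towards LAN2 still get back:
    print("LAN2 -> LAN1 established:", verdict(LAN2, LAN1, state="established"))
```

The matrix shows why the first rule matters: new connections from LAN2 or LAN3 to LAN1 hit the final reject, while replies to connections LAN1 opened are accepted as established.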

Excellently explained, everything works great. Thanks a lot!