Hello everybody, I have a MikroTik RB951Ui-2nD. I want to block HOTSPOT USERs in network 192.168.77.0/24 from logging in to the modem router 192.168.1.1 and the other network 10.10.10.1 in the MikroTik. I tried a firewall drop rule, but it didn't work. This is the topology:

I tried adding action=drop chain=forward dst-address=192.168.1.1 dst-port=80,21,22,23,8291 protocol=tcp src-address-list=user, where user is 192.168.77.2-192.168.77.254.
Order of rules matters, they are processed from top to bottom and the first matching one is used. So if this doesn't work, some other rule before this one must be allowing it. I rarely use hotspot, but I think it also had some firewall chains of its own, so make sure the rule is in the right place.
Thank you for the reply. These are my firewall rules and NAT:


I added only the first two rules; the other rules showed up automatically when I generated the hotspot, so there is nothing unusual.
Whatever it is, I don't see it in these images. If the rule is at the top, it must match something. Destination address is clear, ports too. Maybe the list is wrong? The image has "USER", before you wrote "user", that would be two different lists, can't it be that? If not, do some simple debugging. Start with a logging rule derived from your drop rule and make it the first one:
/ip firewall filter
add action=log chain=forward dst-address=192.168.1.1 dst-port=80,21,22,23,8291 protocol=tcp src-address-list=USER
Since it has the same options, it won't log anything. So try to remove options one by one and when it starts to log something, you'll see which one is not matching, and you can go from there.
Thank you for the reply, it works.
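The elimination procedure suggested in the reply above can be run in one pass by adding several log rules with different prefixes instead of editing one rule repeatedly. This is an added example, not a command sequence posted by anyone in the thread; the addresses, ports and list name come from the posts, while the log-prefix and comment strings are made up here, and it assumes item 0 of the printed forward chain is where the rules should go.

```routeros
# Added example, not from the thread. The "dbg..." prefixes and the "dbg"
# comment are invented labels for this example.

# 1. Check which list actually holds the hotspot range. As the reply notes,
#    "USER" and "user" would be two different lists.
/ip firewall address-list print where list=USER
/ip firewall address-list print where list=user

# 2. Print the forward chain so item numbers are assigned for place-before.
#    Assumption: item 0 of this print is the top of the forward chain.
/ip firewall filter print where chain=forward

/ip firewall filter
# Fewest matchers: is any forwarded traffic to 192.168.1.1 seen here at all?
add chain=forward action=log dst-address=192.168.1.1 \
    log-prefix="dbg1-dst" comment="dbg" place-before=0
# Add protocol and ports from the drop rule.
add chain=forward action=log dst-address=192.168.1.1 protocol=tcp \
    dst-port=80,21,22,23,8291 log-prefix="dbg2-port" comment="dbg" \
    place-before=0
# Full set of matchers, identical to the drop rule.
add chain=forward action=log dst-address=192.168.1.1 protocol=tcp \
    dst-port=80,21,22,23,8291 src-address-list=USER \
    log-prefix="dbg3-list" comment="dbg" place-before=0

# 3. From a hotspot client, open http://192.168.1.1, then read the log.
#    action=log does not stop processing, so one packet can hit all three.
/log print where message~"dbg"

# Reading the result:
#   dbg1 + dbg2 + dbg3 : all matchers fit; the drop rule sits too low
#   dbg1 + dbg2 only   : src-address-list does not match (name or entries)
#   dbg1 only          : protocol or dst-port does not match
#   nothing            : traffic to 192.168.1.1 does not reach these rules

# 4. Remove the debugging rules afterwards.
/ip firewall filter remove [find where comment="dbg"]
```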