Is it possible to null route an ip address and/or subnet in RouterOS?
no NAT and the firewall is off, using it strictly as a router.
yes, add a route rule and tell it to blackhole it (or in routing-test drop?).
yeah. route type=blackhole (simply drop packet) or unreachable (reject packet with corresponding icmp message)
I added it in IP Route Rules which seemed to do the trick
src-address=x.x.x.x/32 dst-address=0.0.0.0/0 action=drop
wasn’t sure how/where to put in route type=blackhole
[admin@MikroTik] > /ip route add dst-address=1.2.3.0/24 type=
blackhole prohibit unicast unreachable
awesome, thx
I assume you can do host routes without a problem so the end user is 1.2.3.4 it would be
/ip route add dst-address=1.2.3.4/32 type=blackhole
…I sure am liking RouterOS…I am now prefering it over Cisco IOS heh
From my past techie experience (haha) I learned that null / blackholing is much less CPU intensive than dropping packets. So using blackhole instead of drop is probably more efficient I would think. Just my guess really.
good to know, I will blackhole instead moving forward
probably because the first is just routing decision, and second one is routing decision + firewall filter =)