I would like to block certain types of inbound traffic on my hotspot interface, as soon as it enters the router before any hotspot processing etc takes place.
What chain would I use for these rules? Any other catches? I have tried a few ideas with no luck.
Thanks!
The correct chain will most likely be forward. This is true if you are blocking traffic that is between your LAN clients and any other location which is not the router. If you are blocking traffic that is directed to the router, the chain will be input. With the hotspot in place, its sometimes easier to disable the dynamic hotspot rules for troubleshooting purposes.
I have not had any luck with my rule, I can block successfully on a switch the mikrotik plugs into. I have tried input and forward, any other ideas?
What type of traffic are you specifically trying to block? Can you post the rule(s) that you are using?
Trying to block ICMP type 5 messages:
Cisco ACL example that works:
access-list 100 deny icmp any any redirect
I have tried :
chain=input protocol=icmp type=5:0-255 action=drop
chain=forward protocol=icmp type=5:0-255 action=drop
To elaborate, trying to block these packets from being seen / processed by hotspot.
No matter what chain I put them in, hotspot still see’s them.
I made sure the rule was placed in front of the dynamic rules as well.