Hi.
how to hide the mikrotik 5.0rc3 router’s first page (http://router-address) for all visitors except admins?
Restricting access to it so that only specified Admin machines can connect is one possibility, either via the server config (allowed IP) or using firewall rules (IP or interface). The problem is that until you logon there’s no other way for it to know that you’re an admin. If restricting access by IP or router port isn’t practical, other possibilities include changing the port to be something nonstandard so that it’s less visible. Note that the two examples given below are incompatible as written. Do not mix them.
Limiting via service config and using nonstandard ports:
# This assumes the admin segment is 192.168.1.248 - 192.168.1.254
# so you probably want to make sure your DHCP server either doesn't hand these out
# or always assigns them to admin machines via MAC address binding.
/ip service
set www address=192.168.1.248/29 disabled=no port=980
set www-ssl address=192.168.1.248/29 certificate=XXX disabled=no port=943
Limiting via firewall rules:
# This assumes that your servers are at standard ports (unlike above!!!)
# but admin machine(s) are either connected on ether5 or named in an address list
/ip firewall filter
# Send all these requests to the admin validation chain...
add chain=input action=jump dst-port=21 jump-target=admin
add chain=input action=jump dst-port=22 jump-target=admin
add chain=input action=jump dst-port=23 jump-target=admin
add chain=input action=jump dst-port=80 jump-target=admin
add chain=input action=jump dst-port=443 jump-target=admin
add chain=input action=jump dst-port=8291 jump-target=admin
add chain=input action=jump dst-port=8728 jump-target=admin
# This chain only allows requests from designated admin machines.
add chain=admin action=accept in-interface=ether5-admin
add chain=admin action=accept src-address-list=admins
add chain=admin action=drop comment="Anyone else gets dropped"