chain=forward src-address=192.168.10.25 protocol=tcp action=drop
Whichever chain I configure, forward or output, the host (192.168.19.25) can still access the internet.
How can I do this filter? Please tell me.
Make sure you are using the correct ‘src-address’, as the firewall rule contains a different address.
Probably there are some other rules before the current rule that are accepting traffic with the required ‘src-address’.
I am sure the “src-address” is correct and there isn't any rule before this rule, because there is only one rule.
Note that you are blocking only TCP traffic, but the customer may use other protocols.
Check with torch what traffic is generated by the user.
Dear sergejs:
Thanks for your response.
Whether I use protocol=tcp or udp or any, the host can still access the internet.
Try to set it without protocol.
Also drop packets whose destination is set to that address.
Use IP ARP REPLY ONLY to add only the IPs you want to accept on the interface and it automatically blocks all other IPs.
I have already tried to set it without protocol, but the host can still access the internet.
Make a static ARP address, then just change it like this:
Before (00:xx:xx:xx:xx:xx):
/ip arp add address=192.168.0.3 mac-address=00:11:D8:72:F2:60 interface=LAN
After (F0:xx:xx:xx:xx:xx):
/ip arp add address=192.168.0.3 mac-address=F0:11:D8:72:F2:60 interface=LAN
(Using WinBox is easier.)
Works 100%.
Even access to the router with ping is not possible; that's how I stop.
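
The suggestions in this thread, combined into one RouterOS sequence as an added example that is not part of any post above. It assumes the host really uses 192.168.10.25 (the address in the posted rule) and that the LAN port is an Ethernet interface named "LAN", as in the last post.

```routeros
# Added example. Assumptions: host address 192.168.10.25 (from the posted
# rule) and an Ethernet interface named "LAN" (from the last post).

# 1. Confirm which address the host actually uses before matching on it.
/ip arp print where interface=LAN
/tool torch interface=LAN src-address=192.168.10.25/32

# 2. Drop routed traffic from and to the host, with no protocol matcher,
#    so TCP, UDP, ICMP and everything else are covered.
/ip firewall filter
add chain=forward src-address=192.168.10.25 action=drop comment="block-host out"
add chain=forward dst-address=192.168.10.25 action=drop comment="block-host in"

# 3. Rules are evaluated top to bottom and the first match wins, so the
#    drop rules must sit above any accept rule that also matches this host.
#    Check the order, then watch the packet counters while the host browses.
/ip firewall filter print
/ip firewall filter print stats where comment~"block-host"

# 4. Optional, the ARP reply-only suggestion: the router then answers only
#    addresses that have a static ARP entry. Add entries for every host
#    that must keep working (your management PC included) BEFORE switching
#    the interface mode, or you will lock yourself out.
/ip arp add address=192.168.0.3 mac-address=00:11:D8:72:F2:60 interface=LAN
/interface ethernet set [find name=LAN] arp=reply-only
```

If the counters in step 3 stay at zero while the host is online, its packets are not matching the address in the rule, which is what the torch output in step 1 will show.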