How to block access to clients port 80 from outside

Hello friends,
Our clients are given public IPs, and anyone on the internet can access their ports and communicate with them.
If a client sets up his PPPoE user on an access point or modem with the default password, anyone can access his modem from outside with the default password and see the configuration or account info.
What's the best solution to prevent this problem (or bug)?
How can I block port 80 from outside to my clients?
The clients' IP address is: 47.45.45.1/24
Thanks

You need to create firewall rules to allow established and related connections and to drop any new connections coming in on pppoe-out1.

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=pppoe-out1

By default MikroTik has a drop rule in place for ether1 (on an RB751G, for example), so you may need to copy that existing rule and change the incoming interface.

I have about ~200 online users connected through my router's PPPoE server.
Each user is given a public IP address and can be seen from outside the network.
Will that solution work for me?

I provide internet to my clients with a public IP pool; my clients have a modem or access point in PPPoE router mode.

For example (PROBLEM): clients connect to the internet and are given a public IP address. If anyone scans port 80 of our IP pool network, they can see our customers' access points or modems (used for the PPPoE connection). Some of the devices have the default (admin/admin) user/pass, and anyone can see the configuration and account info from the customer devices.

Now, how can I restrict this to protect my customers from attackers outside or inside (for example, disable communication from the outside internet to my clients)?

Does no one know?

Hi,
try this command from the terminal:

/ip firewall filter add action=drop chain=forward dst-address=47.45.45.0/24 dst-port=80 protocol=tcp
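
The two answers above use different chains: input only filters traffic addressed to the router itself, while traffic passing through the PPPoE server to the customers' devices is handled by forward. The following is an added example, not part of any post in this thread, showing a stateful forward-chain variant for the pool named in the question; the interface name ether1-uplink is an assumption for the port facing the internet.

```routeros
# Added example; "ether1-uplink" is an assumed name for the internet-facing interface.
/ip firewall filter
# Let replies to connections the customers opened themselves pass.
add chain=forward connection-state=established comment="allow established"
add chain=forward connection-state=related comment="allow related"
# Drop new connections from the internet to port 80 of any address in the customer pool.
add chain=forward action=drop in-interface=ether1-uplink dst-address=47.45.45.0/24 protocol=tcp dst-port=80 connection-state=new comment="block tcp/80 to customer devices from outside"
# Drop the same traffic between customers (source and destination both in the pool).
add chain=forward action=drop src-address=47.45.45.0/24 dst-address=47.45.45.0/24 protocol=tcp dst-port=80 connection-state=new comment="block tcp/80 between customers"
# Check that the drop rules are matching: their packet counters should grow.
print stats
```

Filter rules are evaluated from top to bottom, so the drop rules must sit above any existing accept rule in the forward chain that would match the same traffic.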