How to block customer private IP addresses from accessing the core network

Hi,

ISP network
In the core router, I have 2 subnets for infrastructure devices and 5 subnets for customers. How can I block the customer subnets so that they cannot access infrastructure devices?

Something like:

/ip firewall filter add src-address=192.168.5.0/24 dst-address=172.16.0.0/24 action=drop chain=whichever

You could also use in-interface= or out-interface= if you know which interface you’ll be blocking traffic on.

Probably you should create a test subnet that you’re trying to block and then test it, then move the config to the customer subnets.
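
The approach suggested above, written out as an added example (not part of the original thread) using address lists so one rule pair covers every customer and infrastructure subnet. Only 192.168.5.0/24 and 172.16.0.0/24 come from the thread; the other subnets, the list names and the log prefix are constructed placeholders.

```routeros
# Added example, not from the original thread.
# Subnets marked "constructed" are placeholders; replace them with real ones.

/ip firewall address-list
# Infrastructure subnets (the thread mentions two).
add list=infrastructure address=172.16.0.0/24 comment="infra subnet from the thread"
add list=infrastructure address=172.16.1.0/24 comment="constructed placeholder"

# Start with a test subnet only, as the answer recommends.
add list=customers address=192.168.99.0/24 comment="constructed test subnet"
# After testing, add the customer subnets to the same list, for example:
# add list=customers address=192.168.5.0/24 comment="customer subnet from the thread"

/ip firewall filter
# Replies to sessions that infrastructure devices opened toward customers
# must still get back, so accept established/related traffic first.
add chain=forward connection-state=established,related action=accept \
    comment="allow replies to existing sessions"

# forward chain: traffic routed THROUGH this router to infrastructure devices.
# Logging is enabled so test hits are visible in /log print.
add chain=forward src-address-list=customers dst-address-list=infrastructure \
    action=drop log=yes log-prefix="cust-to-infra" \
    comment="block customers from infrastructure subnets"

# input chain: traffic addressed TO this router's own infrastructure-side IPs.
# Customers can still reach their own gateway address on the router,
# because that address is not in the infrastructure list.
add chain=input src-address-list=customers dst-address-list=infrastructure \
    action=drop comment="block customers from router's infrastructure addresses"

# Verify: check that the counters on the drop rules increase during the test.
/ip firewall filter print stats where comment~"block customers"
```

Filter rules are evaluated top to bottom and `add` appends to the end, so if an earlier accept rule already matches this traffic, move the drop rules above it (or add them with `place-before=`).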