Hello,
I Want to block the packets (connections ) which have already been NAT-ed. (Say, Do not Allow User to share his internet, via windows, or some router)
I’ll be glad To see a nice answer.
I’m using ROS 3.30 version.
Thanks waiting for your reply
Manually set the TTL to 1 for everything you send to the client. That’s supported in the firewall mangle facilities.
or
/ip fi fi add chain=forward in-interface=Local ttl=equal:127 action=drop/reject
And the client will also buy MikroTik device for his gateway and use:
/ip firewall mangle add action=change-ttl chain=prerouting in-interface=WAN new-ttl=increment:1
/ip firewall mangle add action=change-ttl chain=postrouting out-interface=WAN new-ttl=increment:1
