Hi, I want to stop a VLAN communicating with internet only DHCP should work as well as interface, just the gateway to internet.
I’ve disabled on the bridge the fast forwarding and I’ve reated a reject rule on the Firewall about input chain for that subnet as source IP. I still ping google and surf internet, how can I solve it? Which is the most common method to stop routing?
By the time I’ve used the dirty way to assign a fake gateway by DHCP
Thank you
You want forward chain, not input.
input chain TO the router (aka router services)
forward chain ACROSS the router ( wan to lan, lan to wan, lan to lan)
Here you can see why Input won’t work. It is skipped because traffic is forwarded, as sob mentioned, this because of the routing decision: https://help.mikrotik.com/docs/display/ROS/Packet+Flow+in+RouterOS#PacketFlowinRouterOS-Forward