Hi friends, good evening one and all…
I am using MikroTik version 5.5. Now I want to block the access to a particular for a particular private IP.
Please help me…
This sounds more like a firewall question than a scripting question.
Are the private IPs statically assigned? If so a pair of firewall rules should work if you have the firewall enabled and put it at the right place in your forwarding chain. Assuming that the customer is on 10.10.10.10 and the remote site(s) address is 169.254.254.254 (a bogon address last time I checked):
```
/ip firewall filter
add action=drop chain=forward comment="Drop unwanted connections" src-address=10.10.10.10 dst-address=169.254.254.254
add action=drop chain=forward comment="Drop unwanted connections" src-address=169.254.254.254 dst-address=10.10.10.10
```
If the remote site resolves to more than one address you would need an address range or list instead of just a single address.
If the private IPs are dynamically assigned things get harder and you may need a script to check the MAC address or something to identify the customer who wants the site blocked.
Hi tjc,
I am very thankful to you. It's very cool.
If you don't mind, can you tell me in brief structure about the script when I have a dynamic private IP address?
Thanks…
You would need to write a simple script that runs every minute or so and looks for the MAC address. Something like this:
```
:local IPaddress [/ip dhcp-server lease get [find mac-address="FF:FF:FF:FF:FF:FF"] address]
/ip firewall filter
add action=drop chain=forward comment="Drop unwanted connections" src-address="$IPaddress" dst-address=169.254.254.254
add action=drop chain=forward comment="Drop unwanted connections" src-address=169.254.254.254 dst-address="$IPaddress"
```
Note that you would need to specify where to insert the rules in the chain to have this work correctly. You would also need to clean up the rules when the lease expires, which probably means setting a global variable or an address list to keep track of the IP and having another script that removes the filter rules when the lease can’t be found.
That’s nasty enough that I would strongly recommend having DHCP do a static IP assignment based on MAC.
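The address-list variant mentioned above, as an added example that is not part of the original post: the two drop rules are created once and match on a list, and a scheduled script keeps that list equal to the client's current lease, removing the entry when the lease disappears. The list name `blocked-client` and the entry comment are assumptions; the MAC and site address are the placeholders used in the thread.

```routeros
# --- One-time setup (run once, not from the scheduler) ---
# The rules match on an address list, so they never need to be re-created.
# They must sit above any accept rule in the forward chain that would match first.
/ip firewall filter
add chain=forward action=drop comment="Drop unwanted connections" src-address-list=blocked-client dst-address=169.254.254.254
add chain=forward action=drop comment="Drop unwanted connections" src-address=169.254.254.254 dst-address-list=blocked-client

# --- Scheduled script (run every minute or so) ---
:local mac "FF:FF:FF:FF:FF:FF"
# Hypothetical list name, must match the rules above
:local listName "blocked-client"
:local current ""

# Look up the client's lease by MAC; leave $current empty if there is none
:local lease [/ip dhcp-server lease find mac-address=$mac]
:if ([:len $lease] > 0) do={
    :set current [:tostr [/ip dhcp-server lease get [:pick $lease 0] address]]
}

# Remove stale entries: lease expired or the client received a new address
:foreach e in=[/ip firewall address-list find list=$listName] do={
    :if ([:tostr [/ip firewall address-list get $e address]] != $current) do={
        /ip firewall address-list remove $e
    }
}

# Add the current address only if it is not already listed (no duplicates)
:if ([:len $current] > 0) do={
    :if ([:len [/ip firewall address-list find list=$listName address=$current]] = 0) do={
        /ip firewall address-list add list=$listName address=$current comment="managed by lease script"
    }
}
```

Between scheduler runs the list can lag behind a lease change by up to one interval, which is one more reason the static DHCP assignment recommended above is the simpler option.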
You can look at transparent-proxy for some hosts, and then limit in ‘access’ section who cannot access what page by setting src-address and host.
Thank you very much…