How to protect router: acces only from specified address?

Hello,

How can i allow access to router only from a specified IP address?

I tried to do following:

Please look at the picture below.

Also i tried to add the firewall rules as described here http://wiki.mikrotik.com/wiki/Securing_your_router


But still when I connect to hotspot I am able to access the router from any address (10.0.0.0).

What is the use of that firewall entry, described in the wiki?

I would like to be able to access the router only from local network, only from one address (192.168.3.100)

Try adding this.

/ip hotspot walled-garden ip
add action=accept protocol=tcp src-address=192.168.3.100 dst-address=192.168.3.1 dst-port=8291

If possible, post more info regarding your configuration so we may help. Thanks.

But what i am trying to do is disable access to router from hotspot network.

As far as i understand the above entry is for allowing access.

Can you post a bit more info on your configuration?

/ip address print
/ip firewall filter print

You can set up an address list in the firewall, then put in a filter rule that will accept connections from those IP addresses, and then after that a rule that will drop everything else. Order of rules in the firewall is extremely important. The good thing about an address list is you can have multiple IPs/Subnets in them without having to make a rule for each of them.

/ip firewall address-list
add address=Your-IP-address list="known"
/ip firewall filter
chain=input action=accept src-address-list="known"
chain=input action=drop

Be sure to have a console cable ready, in case it gets messed up, because with the filter rule it will drop all input without the first rule being there. If you wanted to get more specific you can do that by adding more to the firewall matcher. If these rules don’t work, move them up in the list because something before them is accepting your connections.

http://wiki.mikrotik.com/wiki/Manual:Console#Safe_Mode =)