Hello everybody!
My net consists of one router mikrotik (routeros) and many switches (“not clever”).
Is it possible to change direction packets through router ? I want to close permission for some devices (printers.. etc).
I found one way to do it. Make additional subnet and move all devices to the new subnet.
But maybe i’m wrong ?
Thanks for your time!
Many commercial networks are heavily switched … 
Can you try to be a bit more precise with the question?
You can, by masquerading local traffic that way all traffic is forced over the router. Now on router you can block in firewall whatever you want.
Sorry, English is not my native language..
How I said before, all computers and printers connected through switches.
and (! important ! in one local net) i.e. if i ping from computer 192.168.1.100 to printer with IP 192.168.1.101, packets doesn’t reach
router. And i can’t make firewall rules.
Thank you!
OK - so you are talking about traffic within the LAN environment and not external traffic. You need some way to differentiate the devices which you want to apply the rules to. VLANs would do this very well so check if any of your switches support VLANs. Overlaying a second subnet on the same physical network would also work but gives you none of the other advantages of VLANs. Grouping controlled devices on a particular switch could work (along with proxy-arp) but probably isn’t practical for you and would be a messy solution anyway.
I think additional subnet it best decision (in my case) because i don’t have switches with supported VLANs.
Any way thanks for suggestion !
I can’t figure out this decision. 
Could you suggest how can i do it?
Thanks!