Local IP block for Wan

PTPStudio · May 16, 2014, 5:59am

How to block local IPs adress to access internet but allow it to access local IPs. Share between local networks only?

rextended · May 16, 2014, 6:54am

Simply not masquerade anythig.

PTPStudio · May 16, 2014, 11:51am

I need only 1 IP adress to block for internet rest not

nick3dos · May 16, 2014, 12:04pm

Example if you want to block ip: 10.0.0.150 in 10.0.0.0/24 network

/ip firewall address-list
add address=10.0.0.1-10.0.0.149 disabled=no list=block
add address=10.0.0.151-10.0.0.254 disabled=no list=block

/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address-list=block

Rudios · May 16, 2014, 2:16pm

I advice to block via firewall filter rule.

PTPStudio · May 17, 2014, 12:42pm

nick3dos:

Example if you want to block ip: 10.0.0.150 in 10.0.0.0/24 network

/ip firewall address-list
add address=10.0.0.1-10.0.0.149 disabled=no list=block
add address=10.0.0.151-10.0.0.254 disabled=no list=block

/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address-list=block

Thanks. Have I keep default masquerade for my Wan or replace it with this one?

nick3dos · May 19, 2014, 6:34am

PTPStudio:

nick3dos:
Example if you want to block ip: 10.0.0.150 in 10.0.0.0/24 network
/ip firewall address-list
add address=10.0.0.1-10.0.0.149 disabled=no list=block
add address=10.0.0.151-10.0.0.254 disabled=no list=block
/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address-list=block
Thanks. Have I keep default masquerade for my Wan or replace it with this one?

replace it with this one