Hi, I need to block internet access to some computers on a customer network, can I do that with /ip firewall mangle feature ?, how ?, they must check e-mails but not access the www and chat, etc.
Thanks a lot
Firewall filter will help you.
‘ip firewall filter’. Use chain=forward to allow/block clietnts traffic. Allow e-mail traffic (25/110 port numbers), and block other traffic,
http://www.mikrotik.com/docs/ros/2.9/ip/filter
Ok, understand, do you recommend me to apply firewall filters and not firewall mangle ?.
if you have to bock something completely then filter is place to go.
Mangle allows to mark packets, modify values in tge IP header like TOS (DSCP) and TTL fields.
‘ip firewall filter’ filters packets.
In this case I have a wireless lan with encore access point and need to put mk between adsl modem and this encore. In the mac address filter into the mk, I must put the wireless mac address no ?
Thanks
Another question, if I want to set more than one mac address in firewall filter, may I do that ?, eg:
add in-interface=inside src-mac-address=00-08-AA-50-BD-33,00-08-AA-50-BD-35, dst-address=0.0.0.0 dst-port=80 protocol=tcp action=drop comment=“” disabled=no
Thanks
I think, you can set only one MAC-address entry per rule.
I would create a new chain called MAC-Auth.. Put all of the mac addresses that are allowed access to the network in this chain and put a REJECT rule at the bottom of the chain.
Then jump to this chain from the INPUT filter with the condition that the traffic originates from the LAN interface.
That should take care of it.
Your bill is in the mail. 
-Bill
Bill, thanks, have you got an example of this ?