I would like to block access to my switch on my LAN, which has an IP address of 192.168.0.2, for the entire LAN and allow it for a given address in the LAN, i.e. 192.168.0.5. How do I make these rules? I've been struggling with it for 2 days and I can't think of anything.
There are so many possibilities to secure your router.
Look up the MikroTik handbook: https://help.mikrotik.com/docs/display/ROS/Building+Your+First+Firewall#BuildingYourFirstFirewall-Ipv4firewall
A basic solution in your case:
Step 1: Add Address-List
/ip firewall address-list
add address=192.168.0.5 list=allowed_to_router
Step 2: Basic Input Firewall-Rule
/ip firewall filter
add action=accept chain=input comment="default configuration" connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=drop chain=input
Do not do any of what was reported; use directly what is made for doing that, in one place.
If you want to use WinBox, disable everything in /ip services except winbox,
and set inside the winbox service the IP, or multiple IPs, allowed to log in.
If you want to use WebFig, it is the same: disable everything in /ip services except www,
and set inside the www service the IP, or multiple IPs, allowed to log in.
Same with telnet, ssh and API.
I am confused by the responses; the OP appears to be talking about LAN access, whereas you have responded with router (input chain) access???
To the OP.
Post your config
/export hide-sensitive file=anynameyouwish
and a network diagram so we can see the components and their relationship via ethernet/wifi, subnet structure!
This will be a simple case of adjusting forward chain firewall filter rules to accommodate your request.
BUT,
I do agree the request is vague and hence perhaps the confusion.
First of all, you cannot block access to a switch that is on the same subnet as users, from those users.
You need to put the switch or the users on a different subnet to do this, or put the switch or the users on a different VLAN, etc.
Then this becomes very easy.
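The forward-chain approach from the last reply, written out as an added example that is not from any poster in this thread. It assumes the switch's management address has been moved out of the user LAN into its own routed subnet; the subnet 192.168.10.0/24, the switch address 192.168.10.2 and the interface name ether5 are hypothetical.

```routeros
# Added example. Assumed (hypothetical) layout:
#   user LAN        192.168.0.0/24   (admin PC 192.168.0.5, from the thread)
#   switch mgmt     192.168.10.0/24  (switch re-addressed to 192.168.10.2,
#                                     its default gateway set to 192.168.10.1)
#   router port     ether5           (interface facing the management subnet)

# Router's gateway address in the management subnet
/ip address
add address=192.168.10.1/24 interface=ether5 comment="switch management subnet"

# Traffic between the two subnets is now routed, so it passes the forward
# chain, where the router can filter it. Same-subnet traffic never would.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="replies for connections already allowed"
add chain=forward action=accept src-address=192.168.0.5 \
    dst-address=192.168.10.2 comment="admin PC may reach the switch"
add chain=forward action=drop dst-address=192.168.10.2 \
    comment="nobody else may reach the switch"

# "add" appends to the end of the chain: these rules only take effect if no
# earlier forward rule already accepts traffic to 192.168.10.2.
# Check the rule order and watch the packet counters:
/ip firewall filter
print stats where chain=forward
```

The drop rule's counter should increase when any LAN host other than 192.168.0.5 tries to reach the switch; if it stays at zero while those hosts still connect, the traffic is being accepted by an earlier rule or is not passing through the router at all.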