I’m trying to block torrent on my network I’m using /23 subnet. Requirement is to exclude certain IPs from /23 reange. So far I see only to exclude one ip at a time. How do I exclude around 20 IPs.
I.E 172.16.144.30 , 172.16.144.55 ,172.16.144.85 , 172.16.145.20 , 172.16.145.30 , 172.16.145.56 . Here is my rule
well again in address-list I’m allowed to create wither single IP address or range , but in my case I have to exclude some random IPs not in range like 1-10 . It could be 2 , 5 , 20 or 25 , so is there any way to do that.
So I had to add each ip one by one into allowed-bit .
Regards
That’s the way it works - you add several IPs by one and then have a single address list with multiple single IPs and use it in filter rules.
Or I misunderstood the question ?
All are you guys correct. Since I’m new to Mikrotik and I’m on test phase before moving to production. I’m Linux lover and on Linux there is a plenty of way to achieve it in a single Rule. Yet customization is there . Hope with Mikrotic I will have a good experience as well. It has license while on linux there is no license at all.
When you understand IP addressing and subnetting well, you can add multiple IP as a single entry in some cases.
E.g. when you want to add 10.0.0.4 10.0.0.5 10.0.0.6 and 10.0.0.7 all to the same address list you can add 10.0.0.4/30
But when you are really after specifying individual systems for some task, it is probably better to add them as individual addresses.
Note that you already need only 1 rule, that refers to the address list, and the address list then contains all the addresses you want to refer to.
(you can add quite a lot of addresses to a single address list!)
So your firewall rule set remains simple.