I need to implement followed functionality:
mikrotik wifi, all clients can connect.
All clients can have full access to local network, lan.
But if some client want to access internet, get out of lan, he has to:
be on special acl list, have his mac on it.
How to do it?
thanks.
I’m not aware of any MAC list in RouterOS, but you can do something like this:
/ip firewall filter
add action=jump chain=forward in-interface=<LAN> out-interface=<WAN> jump-target=outgoing
add action=accept chain=outgoing src-mac-address=00:00:00:00:00:01
add action=accept chain=outgoing src-mac-address=00:00:00:00:00:02
add action=reject chain=outgoing reject-with=icmp-admin-prohibited