I'm thinking about to do something to stop the NetCut,

The idea is to make different IP range addresses for each user,

Example:

[admin@MikroTik] > ip address pr
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.1.99/24 192.168.1.0 192.168.1.255 WAN
1 192.168.10.1/30 192.168.10.0 192.168.10.3 LAN
2 192.168.11.1/30 192.168.11.0 192.168.11.3 LAN

User 1 IP:
192.168.10.2
255.255.255.252
192.168.10.1

User 2 IP:
192.168.20.2
255.255.255.252
192.168.20.1

Now you can see that I have a different networks each network has only one IP address range so the NetCut can only see itself, You know what I mean !!

The problem is (User 1) still pinging on (User 2) sounds like a (NAT) inside the ROS but I have no firewall NAT, When I turn off the ROS (User 1) stops pinging on (User 2) immediately, which is mean the ROS did that thing to let (User 1) pinging on (User 2).

What I want is just to stop User 1 seeing User 2, I don't want to just block the ping but to drop all the internal connection between them inside the ROS.

Ahmed

the filter rules( firewall) can block traffic between subnets.

ok do you have an example to try it ?

If you use DHCP try changing subnet-mask to 255.255.255.255, it works on all Windows

ayufan

I know this trick to changing the subnet-mask to 255.255.255.252 (xxx.xxx.xxx.xxx/30), but I want to know how to block the traffic between subnets in the filter rules !!

Cheers

how i can do this

ITQAN, what you will do when bad client is connected on the same switch with good client ?
Bad client can get that point to point IP address and use it as well, isn’t it ?

Probably you can think about PPPoE server for the network, if you have too many issues with bad clients.