Hi guys,
Just wondering if someone can please help me with an issue I have been trying to troubleshoot for 2 days now.
I work at a school and recently had a technician come in and setup our Mikrotik . He is currently unavailable, so I am trying to get my head around the configuration.
I have a 2nd test box to test everything on and have been playing around with that before I touch the production box.
What I am trying to do is block port 4070 (spotify) and the iprange of 194.68.28.0/22.
I believe I have done it correctly (See screenshots), but it is just not working. I am beginning to understand the firewall chains and believe it may have something to do with how the technician has set them up.
Any assistance would be great, its such a simple request, but I just cant seem to get it.
Everytime I apply the rule to production and torch the ISP interface, it still lets through the traffic.
Am I missing something with the Interfaces? Please help, thanks!!
Hi
Do you have an address list called 194.68.28.0/22? maybe you should use src address instead of src address list.
Are you sure it is TCP traffic? maybe remove that check
Move the port number to dest port
I would also check where your rule is in the chain (how far down the list), by default I think the rule will be added to the bottom of the list. So if you have a rule above your rule which allows traffic to spotify. traffic will never touch your rule. Rules are stopped processed as soon as first match is found.