Ports and Web blocking in RB2011

Hi guys,
I’m new to MikroTik and trying to figure out how the firewall works, in order to configure it.
All I want to do is:

  1. block all incoming and outgoing port connections, except 25,110,3389
  2. block all websites, except mail.google.com, mail.yahoo.com
  3. apply these rules to a specific subnet (ex. 192.168.0.128/25)

I tried different variations of code, but it’s not working properly.
One version is this:

/ip firewall address-list add list=mail_accept address=mail.google.com
/ip firewall address-list add list=mail_accept address=mail.yahoo.com
/ip firewall filter add chain=forward dst-port=!25,110,3389 src-address=192.168.0.128/25 dst-address-list=!mail_accept protocol=tcp action=drop

Can you guys tell me what’s wrong with this code and help to set up the firewall properly? Thanks.

Try this - it may work, I am not 100% sure:

Replace last rule with the following 3 rules:

Accept ‘forward’ from ‘subnet’ to ‘address-list’ using ‘ports’ protocol ‘tcp’.

Accept ‘forward’ from ‘address-list’ to ‘subnet’ using ‘ports’ protocol ‘tcp’.

Drop ‘forward’ any other packets at end of firewall rule list to drop anything else.

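As an added example (not part of either post, and written in Python rather than RouterOS so it runs offline), this small model evaluates the single drop rule from the question and the three-rule layout from the reply against constructed packets. It assumes the usual RouterOS semantics: all matchers in a rule are ANDed, the first matching rule wins, and a packet that matches nothing is accepted. The 203.0.113.x addresses are constructed stand-ins for the mail_accept list, and matching the return rule on source port is an assumption.

```python
import ipaddress

SUBNET = ipaddress.ip_network("192.168.0.128/25")
PORTS = {25, 110, 3389}
# Constructed stand-ins for the addresses in the mail_accept list.
MAIL_ACCEPT = {ipaddress.ip_address("203.0.113.10"), ipaddress.ip_address("203.0.113.20")}

def pkt(src, dst, dport, sport=40000, proto="tcp"):
    return {"proto": proto, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "sport": sport, "dport": dport}

def original_rule(p):
    """Single drop rule from the question: every matcher must hold at once."""
    hit = (p["proto"] == "tcp" and p["src"] in SUBNET
           and p["dport"] not in PORTS and p["dst"] not in MAIL_ACCEPT)
    return "drop" if hit else "accept"  # no rule matched: chain default is accept

def three_rules(p):
    """Reply's layout: accept subnet->list, accept list->subnet, drop the rest."""
    tcp = p["proto"] == "tcp"
    if tcp and p["src"] in SUBNET and p["dst"] in MAIL_ACCEPT and p["dport"] in PORTS:
        return "accept"
    # Assumption: return traffic is matched on its source port.
    if tcp and p["src"] in MAIL_ACCEPT and p["dst"] in SUBNET and p["sport"] in PORTS:
        return "accept"
    return "drop"

# Constructed sample packets; 198.51.100.7 is a host that is not in the list.
SAMPLES = {
    "SMTP to unlisted host": pkt("192.168.0.130", "198.51.100.7", 25),
    "HTTP to unlisted host": pkt("192.168.0.130", "198.51.100.7", 80),
    "HTTP to listed host": pkt("192.168.0.130", "203.0.113.10", 80),
    "POP3 to listed host": pkt("192.168.0.130", "203.0.113.10", 110),
    "POP3 reply from listed host": pkt("203.0.113.10", "192.168.0.130", 40000, sport=110),
}

def compare():
    """Return {sample name: (verdict of original rule, verdict of three rules)}."""
    return {name: (original_rule(p), three_rules(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:30} original={verdicts[0]:6} three-rule={verdicts[1]}")
```

The original rule only drops a packet when the port and the destination are both outside their lists, so traffic on an allowed port to any host, or on any port to a listed host, falls through to the default accept.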