Hello,
i have set up a pppoe-server and it works fine. on wan interface there is an internet ip, my pppoe interface has no ip, but the clients get internet ip´s. then i have a third interface for management an the radius server. this ip is 10.10.10.10.
so everything is routing. how can i now protect the management interface. at the moment it is possible from the client side to reach the management side.
thanks
kangoo
fw: 5.10rc
rb1100
Write firewall rules for the ‘input’ chain.
Hello,
I do not have much success with my rules. 
Can anyone give me an example. Try these IP´s:
wan: 172.16.100.100/24
lan (pppoe): 192.168.0.0/24 (pool)
management: 10.10.10.10/24
Thanks
Kangoo
To drop all traffic from anything but the management network to the router:
/ip firewall filter add chain=input src-address=!10.10.10.0/24 action=drop
If you need other services on the router open (DNS, NTP), permit them first:
/ip firewall filter
add chain=input protocol=udp dst-port=53,123 action=accept
add chain=input src-address=!10.10.10.0/24 action=drop
If you even more specific help, you need to ask more specific questions, including details such as what traffic you need to not be blocked.
Hello,
now it works fine.
Thank´s
Kangoo