I know its possible to restrict access to the internet at certain times using firewall rules, but I can’t figure out how those rules should be set up.
I also need to have this restriction on only one of three wlans.
an anyone point me in the right direction?
Thx Anders O
Here is what I use. I also have another connection mark for allowed, that allow certain users within the DHCP interface based on source mac address. You might not need any of that, if you do just let me know.
/ip firewall filter
add action=jump chain=input comment="Jump to Times" connection-mark=DHCP \
disabled=no jump-target=times
add action=jump chain=forward comment="Jump to Times" connection-mark=DHCP \
disabled=no jump-target=times
add action=return chain=times comment="********TURN ON********" disabled=yes
add action=drop chain=times comment="Drop 2300-2400" disabled=no time=\
23h-23h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=times comment="Drop 2400-0500" disabled=no time=\
1s-4h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=times comment="Drop Weekday 0800-1630" disabled=no \
time=8h1s-16h29m59s,mon,tue,wed,thu,fri
add action=drop chain=times comment="********TURN OFF********" disabled=yes
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no \
in-interface=DHCP new-connection-mark=DHCP passthrough=no
add action=mark-connection chain=postrouting \
disabled=no new-connection-mark=DHCP out-interface=DHCP passthrough=no
Here’s what I have tried:
0 chain=forward action=accept connection-state=established
1 chain=forward action=accept connection-state=related
2 chain=forward action=drop in-interface=wlan1 out-interface=ether1 time=10h30m-10h35m,sun,mon,tue,wed,thu,fri,sat
3 chain=forward action=accept in-interface=wlan1 out-interface=ether1
But it doesn’t seem to work.
I’ll see if I can adapt your script to work for me. I don’t need any DHCP rules.
Thx for your help so far 
They are not DHCP specific rules. DHCP is just what my interface and connection mark are called.
Ah, I see that now.
Mind you this AP is not set up as a router at all, just an accesspoint.
Do I have to set up NATing aswell to get this working?
Shouldn’t I be able to just apply firewall rules to the traffic passing through the AP?
Can you post the one with dhcp interface based on source mac address, thanks in advance
[ASK].. ass agan2 yg dh sunior mf ane mo tanya..
gan gmn caranya ane pake mikrotik rb750 d pake d warnet mo d pake dr jam 08 pg sampei jam 12 mlm sj,jd jam 12 mlm ke sana akses internet gk konek alias gk bs browsingan secara otomatis internet gk konek gt gan..mhn bantuannya agan2..mksh
It is important to remember that many Internet users, in a multinational company will not have English, as their first language. Most staff in professional roles is likely to speak and read English, but, as Internet access becomes more pervasive, the proportion of non-English speaking users will increase.
I tried to do the inverse (make a blacklist instead of a whitelist) but am having no luck. I can tell the connection is marked because the bytes go up on the mangle page as I use the device. I don’t see the bytes increment much on the filter page for the jump rule. What am I missing?
/ip firewall mangle
add action=mark-connection chain=forward comment="Mark Restricted Connections" disabled=no in-interface=bridge-local \
new-connection-mark=NoNight passthrough=no src-mac-address=XX:XX:XX:XX:XX:XX
/ip firewall filter
add action=jump chain=input comment="Jump to Times" connection-mark=NoNight disabled=no jump-target=times
add action=jump chain=forward comment="Jump to Times" connection-mark=NoNight disabled=no jump-target=times
add action=return chain=times comment="********TURN ON********" disabled=no
add action=drop chain=times comment="Drop 2300-2400" disabled=no time=\
23h-23h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=times comment="Drop 2400-0500" disabled=no time=\
1s-4h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=times comment="Drop Weekday 0800-1630" disabled=no time=\
8h1s-16h29m59s,mon,tue,wed,thu,fri
add action=drop chain=times comment="********TURN OFF********" disabled=yes