Hello, I have an RB2011UiAS-2HnD running OS 6.40.4. Within my network I have a security cam DVR which I would like to be able to access from different PCs within my network. BUT I do not want that device to be able to send traffic outside of my network. I have several security concerns regarding the online DVRs.
I have looked through the manual and my copy of RouterOS for a way to configure the firewall to do this, but apparently I’m a better programmer than router guru… Also my wife will be PO’d if
“I break the Internet again ! ”
Could someone point me to any examples of the best practice way to do this. I can work with winbox, webfig, or ssh…
Thank you for the quick reply! I will try this out tonight and post how it goes. Hopefully I can use this as an example to get my head around the FW information in the RouterOS book.
Best Regards,
Dan
Hello I attempted the command provided:
/ip firewall filter add action=drop chain=forward dst-address=!192.168.0.0/24 in-interface=ether19 Which I adjusted for my network and for the interface. I am using an RB2011UiAS-2HnD running OS 6.40.4 ...... this device has 10 Ethernet ports allocated to two switches......
NAME
0 R ether1-gateway
1 RS ether2
2 RS ether3
3 S ether4
4 S ether5
5 RS ether6-master-local
6 S ether7-slave-local
7 S ether8-slave-local
8 XS ether9-slave-local
9 RS ether10-slave-local
10 XS sfp1
11 RS wlan1
12 R bridge-local
When I attempt to execute the command I receive the following:
"in/out-interface matcher not possible when interface (ether 7-slave-local) is slave - use master instead (bridge-local)" So apparently I am overlooking something fundamental to the port configuration ???????
Thank you, Changing the interface to the device IP rather than the actual port did the trick! Thank you both for the suggestions! Now I don’t worry that someone outside of my network can access this device. And my wife is happy that I didn’t break the Internet…again !!
”