I have my DHCP IP range as 192.168.20.5-254. I want to block the user access to internet from mikrotik for the range starting from 5-254. and allow the ip 1-4 to have full access. Also can give those machines static ip from 1-4. This is to be done on the base of timings. Morning to evening no access for 192.168.20.5-254 and in the evening want to allow all. need help for it.
Create an Address List containing the IP’s you want to have all the time access on.
Create srcnat rule that srcnat’s those ip’s all the time
Create a srcnat rule that nat’s the rest of the IP’s ( or everything different than the Address List from above ) ONLY at the times you want ( Time setting is under the “Extra” tab when you add firewall rules through winbox ).
There are other ways to do that, but imo this is the way with the least complicated rules added to your firewall.