Ok This is my setup
Vlan1-192.168.1.0/24
vlan2-192.168.2.0/24
vlan3-192.168.3.0/24
I have tested the vlan settings and all works correctly. My Issue is when I need to seperate all three vlans so that they can not talk to each other but still can get to the internet.
right now when I attempt to ping from 192.168.1.2 to 192.168.3.2 I get a reply. How can I block all traffic between the three networks.
You can either make specific rules:
/ip firewall filter
add chain=forward in-interface=Vlan1 out-interface=Vlan2 action=drop
add chain=forward in-interface=Vlan1 out-interface=Vlan3 action=drop
add chain=forward in-interface=Vlan2 out-interface=Vlan1 action=drop
add chain=forward in-interface=Vlan2 out-interface=Vlan3 action=drop
add chain=forward in-interface=Vlan3 out-interface=Vlan1 action=drop
add chain=forward in-interface=Vlan3 out-interface=Vlan2 action=drop
Or with just one assuming that all three VLANs are supposed to reach some other interface you can do this statefully and go for a default drop policy, which is a good idea anyway. Let’s assume that interface connects to the Internet and is called WAN:
/ip firewall filter
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward out-interface=WAN action=accept
add chain=forward action=drop
Thank You for your reply the second rule as your suggested worked perfectly.