Stop port 25 traffic from LAN to WAN

Hello, while I should probably be a little more selective, I have a rule in my filtering chain that allows any host in LAN1 to pass everything through the WAN interface. However, I would like to be able to keep LAN1 from letting traffic out on specific ports prior to the other rules, but I am getting an error and am looking for advice on how to do this:

/ip firewall filter add chain=forward action=drop protocol=tcp dst-port=25 \
    in-interfcae=LAN1 out-interface=WAN \
    comment="Only allow SMTP to internal hosts"

The first “i” in the “in-interface” gets highlighted and I haven’t been able to determine why this is the case.

Thanks in advance for any pointers or suggestions.

– DJ Lucas

You don’t have to determine the in and out interface; analyze the packet which gets out of your LAN network and gets to the internet

/ip firewall filter add chain=forward action=drop protocol=tcp dst-port=25 \
    src-address=X.X.X.X/Y comment="Only allow SMTP to internal hosts"

where X.X.X.X/Y is your LAN network address

Thanks for the answer, but I should have been more specific. I need to allow SMTP traffic to pass from LAN1 interface into the DMZ interface. So 2 additional rules in this case, or is there a better way still?

– DJ Lucas

First letter highlighted means syntax error and you have misspelled “in-interfcae” obviously :wink:

I don’t understand, what do you mean by ‘DMZ interface’? What do you want to be ‘dropped’ on the firewall?
Maybe you want to do masquerade?

FACEPALM :slight_smile: Thanks zervan.
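
The LAN1-to-DMZ case asked about above, as an added example that is not part of any post in the thread. It assumes the DMZ interface is named DMZ (the thread does not give its name); LAN1 and WAN are the names used in the original rule.

```routeros
# Added example, not from the thread. The interface name "DMZ" is an assumption.
# Rules in the forward chain are evaluated top to bottom and the first match wins.
# "add" appends to the end of the list, so both rules have to be moved above
# the existing broad rule that lets LAN1 pass everything through WAN.

# Permit SMTP from LAN1 to hosts behind the DMZ interface.
/ip firewall filter add chain=forward action=accept protocol=tcp dst-port=25 \
    in-interface=LAN1 out-interface=DMZ \
    comment="Allow SMTP from LAN1 to DMZ"

# Drop SMTP from LAN1 that would leave through WAN.
/ip firewall filter add chain=forward action=drop protocol=tcp dst-port=25 \
    in-interface=LAN1 out-interface=WAN \
    comment="Only allow SMTP to internal hosts"

# Confirm the order of the forward chain after adding the rules.
/ip firewall filter print where chain=forward
```

Whether the accept rule is needed at all depends on what the rest of the forward chain already does with LAN1-to-DMZ traffic, which the thread does not show.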