Community discussions

MUM Europe 2020
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 64
Joined: Sun Oct 14, 2018 7:54 pm

Exclude a static IP from the internet.

Fri Nov 09, 2018 9:22 am

Here is a newbie question for all. :D

What would be a good firewall rule to exclude a single static IP from the internet, but still maintain full LAN network functionality of said IP address?

Would a rule like
add chain=forward src-address="staicIPofPC" dst-address=!"LAN" action=reject
be correct?

Also do i need to reverse the rule as well?

Forum Guru
Forum Guru
Posts: 3187
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Exclude a static IP from the internet.  [SOLVED]

Fri Nov 09, 2018 2:46 pm

Why not simpler
/ip firewall
add chain=forward, action=drop, src-address=thatofyourpc, out-interface=wan
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
User avatar
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Exclude a static IP from the internet.

Tue Nov 20, 2018 2:42 pm

Actually I would prefer the reject over drop. as this will prevent timeouts on the device in question. Applications will be notified about lack of connectivity

Who is online

Users browsing this forum: yabdali and 33 guests