I have two hosts - Host-1 and Host-2
Host-1 connected to interface Ethernet-1 of Mikrotik
Host-2 connected to interface Ethernet-2 of Mikrotik
What I need:
I need to deny traffic (ICMP for example) from host 126.96.36.199 to host 188.8.131.52, but have access from 184.108.40.206 to 220.127.116.11 host.
It's like from DMZ to LAN - deny, but from LAN to DMZ - accept.
So, I can't to set firewall according this requirements.
I thought that if I accept traffic from 18.104.22.168 to 22.214.171.124 and apply common deny at the end It should work.
But in this case I can't traffic between both hosts: Host-1 hasn't access to Host-2 and vice versa.
What's wrong ?
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall connection tracking
add address=126.96.36.199/24 interface=ether1 network=188.8.131.52
add address=184.108.40.206/24 interface=ether2 network=220.127.116.11
/ip firewall filter
add action=accept chain=forward dst-address=18.104.22.168 src-address=22.214.171.124
add action=drop chain=forward