Hello,
I have two hosts - Host-1 and Host-2
Host-1 is connected to interface Ethernet-1 of the Mikrotik
Host-2 is connected to interface Ethernet-2 of the Mikrotik
What I need:
I need to deny traffic (ICMP for example) from host 2.2.2.10 to host 1.1.1.10, but still have access from host 1.1.1.10 to host 2.2.2.10.
It's like from DMZ to LAN - deny, but from LAN to DMZ - accept.
So, I can't set up the firewall according to these requirements.
I thought that if I accept traffic from 1.1.1.10 to 2.2.2.10 and apply a common deny at the end, it should work.
But in this case I can't pass traffic between the two hosts: Host-1 has no access to Host-2 and vice versa.
What's wrong?
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall connection tracking
set enabled=yes
/ip address
add address=1.1.1.1/24 interface=ether1 network=1.1.1.0
add address=2.2.2.1/24 interface=ether2 network=2.2.2.0
/ip firewall filter
add action=accept chain=forward dst-address=1.1.1.10 src-address=2.2.2.10
add action=drop chain=forward
[admin@MikroTik] >
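
Added example, not part of the original post: a forward-chain rule set for the one-way requirement described above, using RouterOS connection-state matching. It assumes the posted addresses and that connection tracking stays enabled, as in the posted configuration.

```routeros
# Why the posted rules block both directions:
#   - the accept rule matches src 2.2.2.10 -> dst 1.1.1.10, so an echo request
#     from 1.1.1.10 to 2.2.2.10 matches nothing and falls through to the drop;
#   - an echo request from 2.2.2.10 is accepted, but the reply
#     (1.1.1.10 -> 2.2.2.10) matches nothing and is dropped as well.
# A stateless pair of address rules cannot express "one way only", because
# reply packets travel in the denied direction. Match on connection state instead.
# Remove the two posted forward rules before adding these.

/ip firewall filter
# 1. Replies and related packets (e.g. ICMP errors) of connections that were
#    already allowed, in either direction.
add action=accept chain=forward connection-state=established,related
# 2. New connections may only be opened by Host-1 towards Host-2.
add action=accept chain=forward connection-state=new src-address=1.1.1.10 dst-address=2.2.2.10
# 3. Everything else is dropped, including new connections opened by
#    2.2.2.10 towards 1.1.1.10.
add action=drop chain=forward
```

Rule order matters: the filter is evaluated top to bottom, so the final drop must stay last.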