For this I have the following rules:
/ip firewall filter
add action=accept chain=forward comment="RESTRICTED NETWORK" connection-state=established,related in-interface=VLAN1
add action=accept chain=forward dst-address=128.0.10.5 dst-port=445 in-interface=VLAN1 protocol=tcp
add action=accept chain=forward dst-address=128.0.10.5 dst-port=445 in-interface=VLAN1 protocol=udp
add action=accept chain=forward dst-address=128.0.10.5 dst-port=53 in-interface=VLAN1 protocol=tcp
add action=accept chain=forward dst-address=128.0.10.5 dst-port=53 in-interface=VLAN1 protocol=udp
add action=drop chain=forward in-interface=VLAN1 out-interface=VLAN2
In a normal environment this works fine, but when someone on VLAN1 connects to a VPN server (using the integrated VPN of Samsung called "Secure Wi-Fi", for example), filtering no longer works.
Any idea what I should do?