neutronfreak
just joined
Topic Author
Posts: 8
Joined: Mon Jul 27, 2020 7:53 am

Block New Dynamic Leases [Help]

Sat May 01, 2021 6:12 am

Good day!
Is there a way to drop connections for those new dynamic leases?
TIA.
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Block New Dynamic Leases [Help]

Sat May 01, 2021 7:38 am

What are you trying to accomplish? Do you want to have no DHCP client, or only certain ones, or something else?
 
neutronfreak
just joined
Topic Author
Posts: 8
Joined: Mon Jul 27, 2020 7:53 am

Re: Block New Dynamic Leases [Help]

Sat May 01, 2021 11:57 am

Only certain ones.
I don't use PPPoE, only direct DHCP leases.
Every time a new client connects, a new D (dynamic) IP shows up, and then I make it static.
What I want to accomplish:
automatically block newly connected clients (a new D, dynamic IP),
then unblock a given IP (a new D, dynamic IP) once I grant it permission, and then make it static.

TIA.
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Block New Dynamic Leases [Help]

Sun May 02, 2021 8:58 pm

If you have a DHCP server that has no IP pool (or no addresses in the pool), it will be unable to issue dynamic addresses. However, it can happily hand out static addresses (some systems call that DHCP reservations) to known MAC addresses. So if you need to add a device, create a new static address in the DHCP server. Hint: copying from an existing one is easier; just change the MAC and client ID and of course the desired static IP (DHCP reservation). I do that on several of my LANs.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Block New Dynamic Leases [Help]

Sun May 02, 2021 11:25 pm

> Good day!
> Is there a way to drop connections for those new dynamic leases?
> TIA.

yes, block address pool on firewall
 
neutronfreak
just joined
Topic Author
Posts: 8
Joined: Mon Jul 27, 2020 7:53 am

Re: Block New Dynamic Leases [Help]

Thu May 06, 2021 1:35 pm

Thank you.
It seems I cannot find Address Pool in Filter Rules.
I can drop specific addresses, but I can't find an address pool.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Block New Dynamic Leases [Help]

Thu May 06, 2021 2:10 pm

copy-and-paste pool on firewall rules
 
WeWiNet
Long time Member
Posts: 591
Joined: Thu Sep 27, 2018 4:11 pm

Re: Block New Dynamic Leases [Help]

Thu May 06, 2021 3:10 pm

Make an address list called "allowed DHCP_addresses".
Then drop traffic on the forward chains NOT from or to this address list.
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Block New Dynamic Leases [Help]

Thu May 06, 2021 5:56 pm

> Thank you.
> It seems I cannot find Address Pool in Filter Rules.
> I can drop specific addresses, but I can't find an address pool.

IP Pool is not in rules. I use WinBox most of the time, so this screen capture should help:

Image

If in a terminal window, see here:
/ip pool
add name=".204 DHCP pool" ranges=192.168.204.100-192.168.204.109
add name=".209 DHCP pool" ranges=192.168.209.100-192.168.209.109
 
neutronfreak
just joined
Topic Author
Posts: 8
Joined: Mon Jul 27, 2020 7:53 am

Re: Block New Dynamic Leases [Help]

Sat May 08, 2021 9:33 am

I've already created a pool:
/ip pool
add name="3-24 DHCP pool" ranges=192.168.89.3-192.168.204.24
add name="25-254 DHCP pool" ranges=192.168.89.25-192.168.209.254
But I can't find an Address Pool drop-down option box to put this .3-24 DHCP pool inside the firewall rules.
Is this correct? I've done this and nothing seems to happen.
/ip firewall address-list
add address=192.168.89.3-192.168.209.24 comment="3-24 DHCP pool" list=3-24 DHCP pool

/ip firewall filter
add action=drop chain=forward in-interface=ether1 src-address-list=3-24 DHCP pool
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Block New Dynamic Leases [Help]  [SOLVED]

Sat May 08, 2021 10:29 am

>3-24 DHCP pool< must be quoted: "3-24 DHCP pool"

but the right way is like:
/ip firewall address-list
add list="list blocked DHCP pools" address=192.168.204.100-192.168.204.109 comment="block .204 DHCP pool"
add list="list blocked DHCP pools" address=192.168.209.100-192.168.209.109 comment="block .209 DHCP pool"

/ip firewall raw
add chain=prerouting src-address-list="list blocked DHCP pools" action=drop comment="block DHCP pools"
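
A check worth running once the raw rule above is in place, added here as an example and not part of any post in this thread: a lease that is made static keeps its address, so a client whose static lease still sits inside a blocked range stays dropped. The Python below assumes a text export in the shape shown (constructed sample; the leases and MAC addresses are made up, and `audit` and `parse_range` are names chosen for this example) and also flags first-last ranges whose ends fall in different /24s, like the `192.168.89.3-192.168.209.24` entry posted earlier.

```python
import ipaddress
import re

# Constructed sample in RouterOS export style. The two blocked ranges are the
# ones from the answer above; the leases and MAC addresses are made up.
SAMPLE_EXPORT = """
/ip firewall address-list
add list="list blocked DHCP pools" address=192.168.204.100-192.168.204.109
add list="list blocked DHCP pools" address=192.168.209.100-192.168.209.109
/ip dhcp-server lease
add address=192.168.204.20 mac-address=02:00:00:00:00:01 comment="moved out of pool"
add address=192.168.204.103 mac-address=02:00:00:00:00:02 comment="address unchanged"
"""

def parse_range(text):
    """Turn 'a.b.c.d', 'a.b.c.d/n' or 'a.b.c.d-e.f.g.h' into (first, last)."""
    if "/" in text:
        net = ipaddress.ip_network(text, strict=False)
        return net[0], net[-1]
    first, _, last = text.partition("-")
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last or first)
    if hi < lo:
        raise ValueError(f"range runs backwards: {text}")
    return lo, hi

def audit(export, blocked_list):
    """Return (dash ranges crossing a /24 boundary, static leases still blocked)."""
    section, ranges, leases = "", [], []
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
            continue
        # Require whitespace before 'address=' so 'mac-address=' never matches.
        m = re.search(r"\saddress=(\S+)", line)
        if not m or not line.startswith("add "):
            continue
        # Assumption: the list name is written quoted, as in the thread.
        if section == "/ip firewall address-list" and f'list="{blocked_list}"' in line:
            ranges.append((m.group(1), *parse_range(m.group(1))))
        elif section == "/ip dhcp-server lease":
            leases.append(ipaddress.IPv4Address(m.group(1)))
    # A first-last range whose ends sit in different /24s is usually an octet typo.
    wide = [t for t, lo, hi in ranges if "-" in t and int(lo) >> 8 != int(hi) >> 8]
    blocked = [str(a) for a in leases if any(lo <= a <= hi for _, lo, hi in ranges)]
    return wide, blocked
```

On the sample, `audit(SAMPLE_EXPORT, "list blocked DHCP pools")` reports no suspicious ranges and one static lease, 192.168.204.103, that the drop rule still matches.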
 
neutronfreak
just joined
Topic Author
Posts: 8
Joined: Mon Jul 27, 2020 7:53 am

Re: Block New Dynamic Leases [Help]

Sat May 08, 2021 10:45 am

> >3-24 DHCP pool< must be quoted: "3-24 DHCP pool"
>
> but the right way is like:
> /ip firewall address-list
> add list="list blocked DHCP pools" address=192.168.204.100-192.168.204.109 comment="block .204 DHCP pool"
> add list="list blocked DHCP pools" address=192.168.209.100-192.168.209.109 comment="block .209 DHCP pool"
>
> /ip firewall raw
> add chain=prerouting src-address-list="list blocked DHCP pools" action=drop comment="block DHCP pools"

OMG it really works...
My sincere appreciation...
Thank you so much my friend sir @rextended / @WeWiNet / @k6ccc.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Block New Dynamic Leases [Help]

Sat May 08, 2021 10:58 am

Thanks!