I'm trying to create rules in the following manner:
Disable all traffic for the Forward Chain
Enable traffic on the Forward Chain for specific IPs to have internet access.
First I create a rule to accept traffic for a specific IP:
/ip firewall filter> add chain=forward action=accept connection-state=established,related,new src-address-list=access-host log=no log-prefix=""
/ip firewall filter> add chain=forward action=drop log=no log-prefix=""
I think these are good rules: when a packet from an IP that is in access-host reaches the first rule, it is processed by the firewall, and the host should have internet access.
When an IP is not in the list, it goes to the DROP rule and access to the internet is dropped.
What am I doing wrong?
My intention is to prepare firewall rules so that only specific IP addresses have access to the internet and the rest of the IPs from my subnet have no access.
For me the reverse configuration worked: accept all forwarding traffic, but block it for specific hosts.
Thanks for help.
Regards
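
Added example, not part of the original post: a small Python model of first-match evaluation on the forward chain, showing how the two posted rules treat reply packets, whose source address is the internet server rather than a member of access-host. The addresses and the corrected three-rule ordering (CORRECTED) are assumptions for illustration, not configuration taken from the post.

```python
# Minimal model of first-match rule evaluation on the forward chain.
# All addresses are constructed sample values; "access-host" is the list named in the post.
ACCESS_HOST = {"192.168.88.10"}

# Each rule: (action, allowed connection states or None for any, require src in access-host?)
POSTED = [
    ("accept", {"established", "related", "new"}, True),   # first rule from the post
    ("drop", None, False),                                 # second rule from the post
]

# Assumed corrected ordering (common stateful pattern, not from the post):
# replies to tracked connections are accepted regardless of source address,
# and only NEW connections are restricted to the address list.
CORRECTED = [
    ("accept", {"established", "related"}, False),
    ("accept", {"new"}, True),
    ("drop", None, False),
]

def evaluate(rules, src, state):
    """Return the action of the first rule whose matchers all apply."""
    for action, states, need_list in rules:
        if states is not None and state not in states:
            continue
        if need_list and src not in ACCESS_HOST:
            continue
        return action
    return "accept"  # nothing matched: packet falls off the end of the chain

def session(rules, client, server="203.0.113.5"):
    """Verdicts for the client's first packet and for the server's reply."""
    outbound = evaluate(rules, client, "new")
    if outbound == "drop":
        return outbound, None  # connection never established, so no reply exists
    # The reply travels server -> client, so its source is the server.
    reply = evaluate(rules, server, "established")
    return outbound, reply

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("corrected", CORRECTED)):
        for host in ("192.168.88.10", "192.168.88.20"):
            print(name, host, session(rules, host))
```

With the posted rules the listed host's outbound packet is accepted but the reply is dropped, because src-address-list is checked against the reply's source address.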