gladsheim
just joined
Topic Author
Posts: 1
Joined: Sun Aug 29, 2021 2:33 pm

Firewall - Disable traffic for Forward Chain

Sun Aug 29, 2021 11:38 pm

Hi
I'm trying to create rules in the following manner:
Disable all traffic for Forward Chain
Enable traffic on Forward Chain for specific ip to internet access.

First I create a rule to accept traffic for a specific IP:
ip firewall filter> add chain=forward action=accept connection-state=established,related,new src-address-list=access-host log=no log-prefix=""
After that, drop all traffic:
/ip firewall filter> add chain=forward action=drop  log=no log-prefix=""
When I prepare rules like above, hosts from list: access-host don't have internet connection. Why?
I think these are good rules: when a packet from an IP that is in access-host goes to the first rule, it is processed by the firewall, and the host should have internet access.
When an IP is not in the list, it goes to the DROP rule and access to the internet is dropped.

What am I doing wrong?
My intent is to prepare firewall rules so that only specific IP addresses have access to the internet and the rest of the IPs from my subnet have no access.

For me the reverse configuration worked: accept all forwarding traffic, but block specific hosts.
Thanks for help.
Regards
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Firewall - Disable traffic for Forward Chain

Tue Aug 31, 2021 1:54 am

No need to disable any traffic as you speak.

Simply take the default firewall rules as they are with some modification.

Create a last rule that blocks all other traffic as the last rule in the forward chain

add action=drop chain=forward.

Now all internet access is blocked, all WAN to LAN traffic is blocked, and all LAN to LAN traffic is blocked.

However, you didn't really state a complete set of requirements, you didn't provide your current config, and you didn't provide a network diagram, and thus the above may or may not solve your issues.
 
sid5632
Long time Member
Posts: 552
Joined: Fri Feb 17, 2017 6:05 pm

Re: Firewall - Disable traffic for Forward Chain

Tue Aug 31, 2021 2:24 am

> When I prepare rules like above, hosts from list: access-host don't have internet connection. Why?
Where do you think the return traffic from the internet goes?
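
Added example (not part of the thread, and not MikroTik code): a small Python model of first-match evaluation in the forward chain, showing why the reply packet falls through to the drop rule when the only accept rule is tied to src-address-list=access-host. The addresses, the list contents and the corrected rule set (a separate established,related accept rule placed first) are assumptions of this example.

```python
from ipaddress import ip_address

# Constructed sample contents for the access-host address list.
ACCESS_HOST = {ip_address("192.168.88.10")}

# The two rules from the first post: accept tied to the source list, then drop.
ORIGINAL = [
    {"action": "accept", "states": {"established", "related", "new"},
     "src_list": ACCESS_HOST},
    {"action": "drop"},
]

# Assumed correction: replies are accepted by connection state alone,
# and only *new* connections are restricted to the address list.
FIXED = [
    {"action": "accept", "states": {"established", "related"}},
    {"action": "accept", "states": {"new"}, "src_list": ACCESS_HOST},
    {"action": "drop"},
]

def evaluate(rules, pkt, conntrack):
    """Return the action of the first rule that matches pkt (first match wins)."""
    flow, reverse = (pkt["src"], pkt["dst"]), (pkt["dst"], pkt["src"])
    state = "established" if flow in conntrack or reverse in conntrack else "new"
    for rule in rules:
        states = rule.get("states")        # None means "any state"
        if states is not None and state not in states:
            continue
        src_list = rule.get("src_list")    # None means "any source"
        if src_list is not None and ip_address(pkt["src"]) not in src_list:
            continue
        if rule["action"] == "accept":
            conntrack.add(flow)            # connection is tracked once accepted
        return rule["action"]
    return "accept"                        # nothing matched: chain default

def round_trip(rules, client, server):
    """Evaluate the outbound packet, then the reply coming back from the server."""
    conntrack = set()
    out = evaluate(rules, {"src": client, "dst": server}, conntrack)
    back = evaluate(rules, {"src": server, "dst": client}, conntrack)
    return out, back

if __name__ == "__main__":
    # 203.0.113.5 is a documentation address standing in for an internet host.
    print("original:", round_trip(ORIGINAL, "192.168.88.10", "203.0.113.5"))
    print("fixed   :", round_trip(FIXED, "192.168.88.10", "203.0.113.5"))
    print("unlisted:", round_trip(FIXED, "192.168.88.20", "203.0.113.5"))
```

In the original rule set the reply has the internet host as its source address, which is not in access-host, so it skips the accept rule and is dropped.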
