Hi, I would like to block UPnP for two LAN IP addresses but I don't understand how to do it ...
I tried to block port 5000 TCP/UDP with chain input and forward but it still works, do I have to block others ports or protocols?
Thanks
/ip firewall filter
add action=drop chain=input dst-port=1900 protocol=udp src-address=192.168.x.x
add action=drop chain=input dst-port=2828 protocol=tcp src-address=192.168.x.x
/ip firewall filter
add action=drop chain=input dst-port=1900 protocol=udp src-address-list=!allow_upnp
add action=drop chain=input dst-port=2828 protocol=tcp src-address-list=!allow_upnp
/ip dhcp-server lease
add address=192.168.x.x mac-address=xx:xx:xx:xx:xx:xx address-lists=allow_upnp
You are right is the best solution!Although I'd probably rather use whitelist