Community discussions

MUM Europe 2020
 
deejayq
Member Candidate
Member Candidate
Topic Author
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: I'm in over my head

Fri Oct 19, 2012 11:25 am

/ip firewall filter add chain=forward src-address=192.168.168.0/25 action=accept
/ip firewall filter add chain=forward src-address=192.168.168.128/26 protocol=tcp dst-port=1723 action=accept (ips from 192.168.168.128-191)
/ip firewall filter add chain=forward src-address=192.168.168.128/26 action=drop
/ip firewall filter add chain=forward src-address=192.168.168.192/26 action=drop (blocks ips from 192.168.168.192-254)
 
rjickity
Member Candidate
Member Candidate
Posts: 212
Joined: Sat Jul 17, 2010 10:40 am
Location: Perth, Australia

Re: I'm in over my head

Fri Oct 19, 2012 11:58 am

You'll need to add in an accept for gre in there too on the pptp range
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: I'm in over my head

Fri Oct 19, 2012 4:06 pm

this is to accept GRE for those fortunate enough that are allowed to use pptp tunnels.
/ip firewall filter add chain=forward src-address=192.168.168.128/26 protocol=gre action=accept
 
deejayq
Member Candidate
Member Candidate
Topic Author
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: I'm in over my head

Wed Oct 24, 2012 12:48 pm

/ip firewall filter add chain=forward src-address=192.168.168.128/26 protocol=tcp dst-port=1723 action=accept
/ip firewall filter add chain=forward src-address=192.168.168.128/26 protocol=gre action=accept should go before
/ip firewall filter add chain=forward src-address=192.168.168.128/26 action=drop

Who is online

Users browsing this forum: MSN [Bot] and 47 guests