
Firewall Drop

Posted: Sun Mar 01, 2015 4:53 pm
by psycoclan1
Hello friends,

My network is 1 PC as router (DHCP Server etc), 1 DSL modem (gateway), and another wifi AP.

I want to block one MAC address from accessing the internet and the network generally.

So I added a firewall rule:

General : Chain : Forward
Advanced : Src MAC address : The address of the desired device

And Action : Drop


But the device is still connected to the network and no problems at all with the internet.

What am I doing wrong and how can I fix it?

Thanks in advance :)

Re: Firewall Drop

Posted: Sun Mar 01, 2015 6:07 pm
by Liodakis

My network is 1 PC as router (DHCP Server etc), 1 DSL modem (gateway), and another wifi AP.
1) Where is the MikroTik?
2) Is the MAC address you want to block connected wired or wireless (if wireless, what AP do you use)?

Re: Firewall Drop

Posted: Sun Mar 01, 2015 7:51 pm
by psycoclan1
MT (192.168.1.3) is connected through a LAN cable to one port of the DSL modem (192.168.1.1). The wifi AP (192.168.1.2) is connected to the DSL modem as well through a LAN cable.

The user is connected to the AP wirelessly.

MT is the only DHCP server of the network and most of the devices are connected to the network through the AP wirelessly.

I can see all the MAC addresses but it seems I can't block/handle them.

Re: Firewall Drop

Posted: Mon Mar 02, 2015 12:00 am
by Liodakis
It's normal that the firewall rules are not working on your network.

Your MikroTik acts only as a DHCP server, not as a router/firewall.

I suggest using the MikroTik as the router (MikroTik PPPoE -> aDSL Modem/Router in Bridge Mode) in order to use the MikroTik firewall features.

Re: Firewall Drop

Posted: Mon Mar 02, 2015 9:46 am
by Rudios
What you could do (although it is not a real solution) is put a bogus IP address as a reservation for the desired MAC address.
If the device then requests an IP from the DHCP server, it will get an unusable IP address and will not be able to browse the internet (e.g. assign 192.168.100.254 for the device).
The side note I have to make is that if the user of the device is smart enough, he can put his IP settings in manually and then completely bypass the DHCP.
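
A check for the bypass described in the reply above, as an added example that is not part of the original thread: it scans a neighbour (ARP) listing for a blocked MAC that is active on the LAN with an address other than its bogus reservation. The /24 mask, the "IP MAC" line format, the MAC value and all function names are assumptions made for this sketch.

```python
import ipaddress
import re

# Assumption: the LAN is 192.168.1.0/24 (the thread only shows 192.168.1.1-3).
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample neighbour listing, one "IP MAC" pair per line.
SAMPLE_NEIGHBOURS = """\
# ip            mac
192.168.1.1     00:11:22:33:44:01
192.168.1.2     00:11:22:33:44:02
192.168.1.57    02-00-5e-10-00-aa
192.168.100.254 02:00:5E:10:00:AA
192.168.1.80    (incomplete)
"""
# Constructed blocked device: MAC -> bogus address reserved for it in DHCP.
BLOCKED = {"02:00:5e:10:00:aa": "192.168.100.254"}


def normalize_mac(mac):
    """Return the MAC as upper-case pairs joined by ':' or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_neighbours(text):
    """Yield (ip, mac) pairs; skip blank lines, comments and malformed rows."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        try:
            yield ipaddress.ip_address(fields[0]), normalize_mac(fields[1])
        except ValueError:
            continue  # e.g. an unresolved "(incomplete)" entry


def find_bypass(neighbours_text, blocked):
    """Return sorted (mac, ip) pairs where a blocked MAC holds a usable LAN IP."""
    reserved = {normalize_mac(m): ipaddress.ip_address(ip)
                for m, ip in blocked.items()}
    hits = {(mac, str(ip)) for ip, mac in parse_neighbours(neighbours_text)
            if mac in reserved and ip != reserved[mac] and ip in LAN}
    return sorted(hits)


if __name__ == "__main__":
    for mac, ip in find_bypass(SAMPLE_NEIGHBOURS, BLOCKED):
        print(f"blocked device {mac} is using static address {ip}")
```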

Re: Firewall Drop

Posted: Mon Mar 02, 2015 7:08 pm
by psycoclan1
That's what I thought from the first time, but yes, if he sets his device's IP manually then he can have access. So I'm looking for a "proper" and permanent solution.

Liodakis, thank you for your reply. My MikroTik PC has 1 LAN port (the built-in one) at the moment, so I'm not quite sure how I can run MikroTik as a PPPoE ADSL modem router. If I'm not mistaken, you advise me to set the LAN port of the MikroTik as WAN and then do the rest from a second LAN port (NAT, local routing etc). So I might need to find-buy a 2nd LAN card. Correct?