Page 1 of 1

Block internet access to local ip address but only for one ppp interface

Posted: Sun Jan 29, 2017 1:13 pm
by RLithgo
My router will fallback to 3g modem if the main wan gateways fail. If this happens, i need to block the ps4 from accessing the internet as it could quickly consume the data allowance on the 3g modem. So how do i block all traffic to/from the ip (10.1.1.30) but only if that traffic is going through the ppp-True3g interface? Can it be done with one firewall rule?

Re: Block internet access to local ip address but only for one ppp interface

Posted: Sun Jan 29, 2017 1:29 pm
by docmarius
Exactly as you say, just add a firewall rule to drop forward from 10.1.1.30 to the ppp-True3g interface somewhere at the top of your filter rules, since rules are evaluated in order:
/ip firewall filter add action=drop chain=forward out-interface=ppp-True3g src-address=10.1.1.30

Re: Block internet access to local ip address but only for one ppp interface

Posted: Sun Jan 29, 2017 2:41 pm
by RLithgo
Thanks, I thought it would be something like that but wasn't sure if i also needed a rule to block "in-interface=ppp-True3g" but i guess if the outbound traffic is being blocked, there shouldn't be any incoming traffic.

Re: Block internet access to local ip address but only for one ppp interface

Posted: Sun Jan 29, 2017 6:10 pm
by rextended
Thanks, I thought it would be something like that but wasn't sure if i also needed a rule to block "in-interface=ppp-True3g" but i guess if the outbound traffic is being blocked, there shouldn't be any incoming traffic.
"in-interface" is not needed because your PS4 are behind NAT.
If with UPnP the PS4 open some ports on ppp-true3g, the ps4 can not comunicate to servers the port opened on ppp-true3g.
If the remote servers do not know the IP, "in-" comuication do not happen.

Re: Block internet access to local ip address but only for one ppp interface

Posted: Sun Jan 29, 2017 11:44 pm
by RLithgo
Many thanks for your help and the clarification on in-interface.
:D