adam23450
just joined
Topic Author
Posts: 16
Joined: Sat Sep 04, 2021 12:23 pm

Mikrotik and a firewall

Sat Sep 04, 2021 12:26 pm

I would like to block access to my switch on my LAN, which has an IP address of 192.168.0.2, for the entire LAN and allow it for a given address in the LAN, i.e. 192.168.0.5. How do I make these rules? I've been struggling with it for 2 days and I can't think of anything.
 
ConnyMercier
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: Mikrotik and a firewall

Thu Sep 09, 2021 1:20 am

There are so many possibilities to secure your router.
Look up the MikroTik handbook: https://help.mikrotik.com/docs/display/ ... v4firewall


A basic solution in your case:

Step 1: Add Address-List
/ip firewall address-list
add address=192.168.0.5 list=allowed_to_router

Step 2: Basic Input Firewall-Rule
/ip firewall filter
add action=accept chain=input comment="default configuration" connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=drop chain=input
 
rextended
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Mikrotik and a firewall

Thu Sep 09, 2021 1:26 am

Do not do any of what was reported; directly use what is made for doing that, in one place.

If you want to use WinBox, disable everything in /ip services except winbox,
and set inside the winbox service which IP, or multiple IPs, are allowed to log in.

If you want to use WebFig, it is the same: disable everything in /ip services except www,
and set inside the www service which IP, or multiple IPs, are allowed to log in.

Same with telnet, ssh and API.
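
One way to check a router against the advice in the post above (an added example, not part of the thread): a Python script that reads the `/ip service` section of a RouterOS export and reports services that are enabled but not needed, or reachable from more than the admin address. The default-enabled table, the function names and the sample export are assumptions constructed for illustration; wrapped (backslash-continued) export lines are not handled.

```python
import ipaddress
import shlex

# Assumption: default state of each service when the export does not mention
# it (exports list only non-default values). Adjust for your RouterOS version.
DEFAULT_ENABLED = {"telnet": True, "ftp": True, "www": True, "ssh": True,
                   "www-ssl": False, "api": True, "winbox": True, "api-ssl": True}

def parse_services(export_text):
    """Return {service: {"enabled": bool, "address": [networks]}}."""
    state = {n: {"enabled": e, "address": []} for n, e in DEFAULT_ENABLED.items()}
    in_section = False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            in_section = line == "/ip service"
        elif in_section and line.startswith("set "):
            tokens = shlex.split(line)
            props = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
            entry = state.setdefault(tokens[1], {"enabled": True, "address": []})
            if "disabled" in props:
                entry["enabled"] = props["disabled"] != "yes"
            if props.get("address"):
                entry["address"] = [ipaddress.ip_network(a, strict=False)
                                    for a in props["address"].split(",")]
    return state

def audit(export_text, keep, admins):
    """Findings where the export departs from 'needed services, admin IPs only'."""
    allowed = [ipaddress.ip_network(a) for a in admins]
    findings = []
    for name, s in sorted(parse_services(export_text).items()):
        if not s["enabled"]:
            continue
        if name not in keep:
            findings.append(f"{name}: enabled but not needed")
        elif not s["address"]:
            findings.append(f"{name}: no address restriction")
        for net in s["address"] if name in keep else []:
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"{name}: allows {net}")
    return findings

# Constructed sample export (not taken from the thread).
SAMPLE = """/ip service
set telnet disabled=yes
set www address=192.168.0.0/24
set winbox address=192.168.0.5/32
"""
```

Calling `audit(SAMPLE, keep={"winbox"}, admins=["192.168.0.5"])` lists api, api-ssl, ftp, ssh and www as enabled but not needed; an empty list means only the kept service is enabled and it is limited to the admin address.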
 
anav
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik and a firewall

Thu Sep 09, 2021 4:10 pm

I am confused by the responses. The OP appears to be talking about LAN access, where you have responded with router (input chain) access???

To the OP.

Post your config
/export hide-sensitive file=anynameyouwish
and a network diagram so we can see the components and their relationship via ethernet/wifi, subnet structure!


This will be a simple case of adjusting forward chain firewall filter rules to accommodate your request.
BUT,
I do agree the request is vague and hence perhaps the confusion.

First of all, you cannot block access to a switch that is on the same subnet as users, from those users.
You need to put the switch or the users on a different subnet to do this, or put the switch or the users on a different VLAN, etc.
Then this becomes very easy.
