hello ,

i am facing a problem these days that many free vpn(pptp) provider put their ads on it & They eat bandwidth also . so i want to block these pptp traffic through my mikrotik . means i don't want my user can connect to any pptp. need your help guys

Block destination port TCP 1723 in the forward chain, or better block protocol type 47 (GRE) which is used by PPTP. That way you will also block PPTP services on non-standard ports.

this will effect other traffic or not ? if i block pptp port

Block destination port TCP 1723 in the forward chain, or better block protocol type 47 (GRE) which is used by PPTP. That way you will also block PPTP services on non-standard ports.

ros code

/ip firewall filter add chain=forward protocol=gre action=reject reject-with=icmp-protocol-unreachable

Should block GRE protocol which is used by PPTP for data transfer, no other traffic should be affected.

let i will try this one .. thanks for ur kind reply

ros code

/ip firewall filter add chain=forward protocol=gre action=reject reject-with=icmp-protocol-unreachable

Should block GRE protocol which is used by PPTP for data transfer, no other traffic should be affected.

didn't work on my router.
it should be like this:

That's a misunderstanding. The OP wanted to block PPTP to be transited by his Mikrotik, and that rule works for that task.

Your rule blocks incoming GRE connections to your Mikrotik itself, which is a different task (and to block PPTP connections to your Mikrotik itself, not enabling /interface pptp-server server is sufficient, you don't need any rule for that).

In general blocking GRE kills not only PPTP but also other protocols using GRE, which may be fine for the OP's purposes but in general it is a bad idea.