mikronewb20
just joined
Topic Author
Posts: 11
Joined: Fri Nov 13, 2020 11:03 am

RDP Block

Wed Nov 10, 2021 4:41 pm

So, for some unknown reason, the router I've just come to manage, some lunatic has set it to have port 3889 open to the world.....
I've therefore set up a VPN, and I'm moving people over to it. However, there are 2 people currently working through RDP that I cannot get hold of, so what I want to do is just start blocking off the IP addresses of people I've already switched over so that their computer is no longer accessible via RDP.

I put in place
Chain=Input
Dst Address= (address of computer on site)
Dst Port= 3389
Action= Drop

I thought this would just block that particular computer from being accessed.

Then once I got hold of the other 2 people, I could remove the open-to-the-world RDP rule completely, but for now this is a quick fix.

However........it doesn't block it.

Is the other rule overriding it?
 
jvanhambelgium
Forum Veteran
Posts: 989
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: RDP Block

Wed Nov 10, 2021 4:54 pm

FORWARD chain! You want to block traffic THROUGH the router, not targeted at the router!
And of course the PLACEMENT of this rule is important too; you can always put it all the way at the top and watch the counters.
 
mikronewb20
just joined
Topic Author
Posts: 11
Joined: Fri Nov 13, 2020 11:03 am

Re: RDP Block

Wed Nov 10, 2021 5:16 pm

I've tried this, and put it as forward, but it's still allowing me to connect to that specific IP from outside the network via RDP........
 
ConnyMercier
Forum Veteran
Posts: 725
Joined: Tue Dec 17, 2019 1:08 pm

Re: RDP Block

Wed Nov 10, 2021 6:01 pm

Can you please share the config of your MikroTik devices?
/export hide-sensitive file=anynameyoulike
 
jvanhambelgium
Forum Veteran
Posts: 989
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: RDP Block

Wed Nov 10, 2021 6:03 pm

Did you place the rule at the top of the chain too??
 
tomislav91
Member
Posts: 303
Joined: Fri May 26, 2017 12:47 pm

Re: RDP Block

Wed Nov 17, 2021 7:28 pm

If you work with bridge interfaces, then you must enable IP firewall on the bridge itself.
So, a command like this:
/interface bridge filter add chain=forward mac-protocol=ip ip-protocol=tcp dst-address=yourIP/32 dst-port=3389 action=drop
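
The forward-chain and placement advice from this thread, written out as RouterOS terminal commands. This is an added example, not a configuration posted by any participant; 192.168.88.10 is a constructed stand-in for the on-site PC's LAN address and the comment strings are arbitrary labels.

```routeros
# Constructed value: 192.168.88.10 = LAN address of the PC to cut off from RDP.

# The rule from the first post, shown for contrast only (not applied).
# chain=input sees only packets addressed to the router itself, so RDP that
# is port-forwarded to a LAN host never reaches it:
#   /ip firewall filter add chain=input protocol=tcp \
#       dst-address=192.168.88.10 dst-port=3389 action=drop

# List the rules first so that item number 0 refers to the current top rule.
/ip firewall filter print

# Forward-chain drop, inserted ahead of every existing rule.
# dst-nat is applied before the filter table, so dst-address and dst-port
# here are the translated (LAN-side) values, not the public IP and port.
/ip firewall filter add chain=forward protocol=tcp \
    dst-address=192.168.88.10 dst-port=3389 action=drop \
    place-before=0 comment="rdp-block-forward"

# Try an RDP connection from outside, then check whether the packet and byte
# counters on the new rule increase.
/ip firewall filter print stats where comment="rdp-block-forward"

# If the counters stay at zero, look at the dst-nat rule that publishes RDP
# and confirm which to-addresses / to-ports it actually translates to.
/ip firewall nat print where chain=dstnat

# Bridged (layer-2) traffic reaches /ip firewall only when the bridge has
# use-ip-firewall enabled; this shows the current setting.
/interface bridge settings print
```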