Community discussions

MikroTik App
 
tomislav91
Member
Member
Topic Author
Posts: 303
Joined: Fri May 26, 2017 12:47 pm

block ping but see what is pinged?

Wed Nov 24, 2021 4:52 pm

I have this little script to push into locations

 :global MySubnet [:put [/ip firewall nat get [find where dst-address="192.168.0.0/16"] src-address]]'
ip firewall address-list add address=192.168.0.0/16 list=BlockLAN'
ip firewall address-list add address=10.100.0.0/16 list=BlockLAN'
ip firewall filter add action=drop chain=input dst-address=$MySubnet protocol=icmp src-address=!10.100.0.100 src-address-list=BlockLAN place-before=0'
 ip firewall filter add action=drop chain=forward dst-address=!10.100.0.100 dst-address-list=BlockLAN protocol=icmp src-address=$MySubnet place-before=0'
Idea is that i see that have packets and bytes into this rules, but how to redirect this to seperate address list with pinged ip?
Is it possible?
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: block ping but see what is pinged?

Wed Nov 24, 2021 5:03 pm

Basic-Exemple
/ip firewall filter
add action=add-dst-to-address-list address-list=PingedIP address-list-timeout=none-dynamic chain=forward comment="Identify ICMP / PING Servers " out-interface-list=WAN protocol=icmp
add action=drop chain=forward comment="Drop: ICMP / PING (LAN -> WAN)" out-interface-list=WAN protocol=icmp
 
tomislav91
Member
Member
Topic Author
Posts: 303
Joined: Fri May 26, 2017 12:47 pm

Re: block ping but see what is pinged?

Wed Nov 24, 2021 11:25 pm

yeah but that is whats pinged in general, but i want what is pinged from my BlockLAN address lists, not all in general
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: block ping but see what is pinged?

Thu Nov 25, 2021 12:43 am

Here you go...
/ip firewall filter
add action=add-dst-to-address-list address-list=PingedIP address-list-timeout=none-dynamic chain=forward comment="Identify ICMP / PING Servers " dst-address-list=BlockLAN protocol=icmp
 
tomislav91
Member
Member
Topic Author
Posts: 303
Joined: Fri May 26, 2017 12:47 pm

Re: block ping but see what is pinged?

Fri Nov 26, 2021 9:14 pm

when i ping some server from pc where those rules are implemented nothing happend.
Something is wrong about this adding to new address list
test.png
You do not have the required permissions to view the files attached to this post.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: block ping but see what is pinged?

Fri Nov 26, 2021 9:30 pm

Good Evening,

Can you please Export and Post the Firewall
 /ip firewall export
 
tomislav91
Member
Member
Topic Author
Posts: 303
Joined: Fri May 26, 2017 12:47 pm

Re: block ping but see what is pinged?

Sun Nov 28, 2021 11:57 pm

the rules are on top, there is no need for exporting, you see all in this post, your code that you wrote to me, doens fill out address list when i try to ping from PC (which is on mikrotik network)

Who is online

Users browsing this forum: jaclaz and 15 guests