zemzema
just joined
Topic Author
Posts: 8
Joined: Thu Dec 10, 2015 11:41 am

Use address list on several places

Fri Mar 25, 2022 11:27 am

Is there any chance that some future version of RoS will have an option to use address lists in places such as services, users... (in options like Available From/Allowed Address)?
 
psannz
Member Candidate
Posts: 127
Joined: Mon Nov 09, 2015 3:52 pm
Location: Renningen, Germany

Re: Use address list on several places

Fri Mar 25, 2022 11:43 am

> Is there any chance that some future version of RoS will have an option to use address lists in places such as services, users... (in options like Available From/Allowed Address)?

Services (whatever you mean by that) can already be limited like that by building a firewall rule that blocks access unless accessed from address list xyz.

If you want to limit by user, you will have to track them somehow, e.g. via Radius. The question is then if you want to track their IP addresses (address list) or the sessions/connections which would be quite a bit more complex.
 
zemzema
just joined
Topic Author
Posts: 8
Joined: Thu Dec 10, 2015 11:41 am

Re: Use address list on several places

Fri Mar 25, 2022 11:53 am

IP -> Services, and then you can put IP addresses in Available From, but it would be much easier if there were some way to use an address list from some other option, like the firewall, or to have custom lists for options like this.
 
psannz
Member Candidate
Posts: 127
Joined: Mon Nov 09, 2015 3:52 pm
Location: Renningen, Germany

Re: Use address list on several places

Fri Mar 25, 2022 12:01 pm

Example for Winbox port:

/ip firewall filter
add chain=input action=accept protocol=tcp src-address-list=YourAccessListHere in-interface-list=WANinterfaces dst-port=8291
add chain=input action=drop protocol=tcp src-address-list=!YourAccessListHere in-interface-list=WANinterfaces dst-port=8291

First rule allows all connections to Winbox port 8291 from IP addresses in "YourAccessListHere" when they enter the system from one of the interfaces in the interface list "WANinterfaces".
Second rule blocks all connections to Winbox port 8291 from IP addresses NOT in "YourAccessListHere" when they enter the system from one of the interfaces in the interface list "WANinterfaces".
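
For the IP -> Services "Available From" field raised earlier in the thread, which takes IP prefixes but not an address list, the sketch below derives a value for it from a firewall address list. It is an added example, not code from any poster or from MikroTik; the export lines are constructed, and the helper names and the assumed `add address=... list=...` export layout are assumptions.

```python
import ipaddress
import re

# Constructed sample of `/ip firewall address-list export` output (not from the thread).
SAMPLE_EXPORT = """\
/ip firewall address-list
add address=192.0.2.10 list=YourAccessListHere
add address=198.51.100.0/25 list=YourAccessListHere
add address=198.51.100.128/25 list=YourAccessListHere
add address=203.0.113.4-203.0.113.7 list=YourAccessListHere
add address=admin.example.net list=YourAccessListHere
add address=10.0.0.0/8 list=SomeOtherList
"""

# Assumed layout: one entry per line, address= before list=, unquoted list name.
ENTRY = re.compile(r"^add\b.*?\baddress=(\S+).*?\blist=(\S+)")


def to_networks(value):
    """Turn one address-list value into IP networks; None for DNS names."""
    try:
        if "-" in value:  # range entry written as first-last
            first, last = (ipaddress.ip_address(p) for p in value.split("-", 1))
            return list(ipaddress.summarize_address_range(first, last))
        return [ipaddress.ip_network(value, strict=False)]
    except (ValueError, TypeError):
        return None


def service_address_value(export_text, list_name):
    """Return (comma-separated prefixes, skipped entries) for one list."""
    nets, skipped = [], []
    for line in export_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(2) != list_name:
            continue
        converted = to_networks(m.group(1))
        if converted is None:
            skipped.append(m.group(1))  # DNS names cannot become a prefix
        else:
            nets.extend(converted)
    # Merge adjacent/overlapping prefixes per IP version to keep the value short.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return ",".join(str(n) for n in [*v4, *v6]), skipped


if __name__ == "__main__":
    value, skipped = service_address_value(SAMPLE_EXPORT, "YourAccessListHere")
    print(f"/ip service set winbox address={value}")
    print("skipped (not an IP prefix):", skipped)
```

The generated value is a snapshot and has to be regenerated whenever the list changes, whereas the firewall rules above consult the address list on every connection.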
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Use address list on several places

Fri Mar 25, 2022 12:37 pm

Probably thinking of things like in Route Rules and other places where IP address is permitted but not firewall-address-lists.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Use address list on several places

Fri Mar 25, 2022 2:34 pm

@zemzema use a VPN to manage something from users, do not allow direct access to the services inside the routerboard...

If you think that you need access lists for that, for sure you do not see the thing from the right perspective...
