Community discussions

MikroTik App
 
Guscht
Member Candidate
Member Candidate
Topic Author
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Ping: Router from different VLAN -> drop

Mon Jan 16, 2023 11:27 am

Hi,

is it possible to restrict pings to the router, so that only the the interface respondes to which the clients belongs?
Example:

Router:
VLAN1: 192.168.1.1/24
VLAN2: 192.168.2.1/24

A client from VLAN1 should not be able to ping 192.168.2.1 (VLAN2-Interface).
How can I achieve this in a setup with multiple VLANs (without a static Firewall-Filter-Input-rule for every VLAN)?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Ping: Router from different VLAN -> drop

Mon Jan 16, 2023 11:41 am

Something like the following should work. I'm not testing myself (because I find such rules unnecessary cosmetics).
/ip firewall filter
add chain=input action=drop dst-address=192.168.2.1 in-interface=!VLAN-2
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Ping: Router from different VLAN -> drop

Mon Jan 16, 2023 4:30 pm

I too prefer configs without makeup :-)
 
Guscht
Member Candidate
Member Candidate
Topic Author
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: Ping: Router from different VLAN -> drop

Mon Jan 16, 2023 7:59 pm

because I find such rules unnecessary cosmetics

I agree with you! Unfortunately we use other routing-vendors too and they behave this way (and they cant changed).
So we prefer a consistent behaviour throughout all vendor-hardware.

Who is online

Users browsing this forum: Bing [Bot], daliusm, roemer and 94 guests