NotAdad
just joined
Topic Author
Posts: 22
Joined: Sat Jan 09, 2021 10:25 pm

How do I block unknown devices?

Wed Feb 16, 2022 10:00 pm

I wanna make a rule where it blocks internet to devices that are not in an address list.
I've got it set up like this. chain forward> src. address list if not (list) > action drop.
But instead of blocking devices that aren't on the list it just blocks everything. : /
 
erlinden
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: How do I block unknown devices?

Wed Feb 16, 2022 10:10 pm

Can you please share your exact configuration? So...all the filters and the list involved.
 
NotAdad
just joined
Topic Author
Posts: 22
Joined: Sat Jan 09, 2021 10:25 pm

Re: How do I block unknown devices?

Wed Feb 16, 2022 10:13 pm

> Can you please share your exact configuration? So...all the filters and the list involved.
How would I do that? Do I need to export the config or something?
 
erlinden
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: How do I block unknown devices?

Wed Feb 16, 2022 10:24 pm

If you post the complete export, we can check the entire config:

/export hide-sensitive file=anynameyoulike
 
NotAdad
just joined
Topic Author
Posts: 22
Joined: Sat Jan 09, 2021 10:25 pm

Re: How do I block unknown devices?

Wed Feb 16, 2022 10:45 pm

> If you post the complete export, we can check the entire config:
>
> /export hide-sensitive file=anynameyoulike
How does this look?
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: How do I block unknown devices?

Fri Feb 18, 2022 2:49 am

First of all, generally the recommendation is to specifically allow what you want to allow and then at the bottom of each chain, delete everything. For example:
add action=drop chain=forward comment=\
    "Drop any forward packets that get this far"
and
add action=drop chain=input comment=\
    "Drop any input packets that get this far"
Using that mentality, I would change your first rule to allow "known devices" and then add a drop everything at the end of the forward chain. Of course several of your other rules would require similar changes.

Also, it makes it easier for us humans if you group all your input packets together and all your forward packets together, etc. rather than mixing them together. The router does not care, but it is far easier for us humans to read.
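
The allow-known-then-drop layout described in the post above, as an added example that is not part of the original thread or of anyone's posted configuration. The list name `known-devices`, the 192.168.88.x addresses and the `LAN`/`WAN` interface lists are assumptions.

```routeros
# Added example; names and addresses are constructed, not from the thread.
/ip firewall address-list
add list=known-devices address=192.168.88.10 comment="constructed: laptop"
add list=known-devices address=192.168.88.11 comment="constructed: phone"

/ip firewall filter
# Weak form (left commented out): a bare negated match in forward has no
# direction, so it also matches reply packets whose source is an internet
# host, which is never in the list.
# add chain=forward action=drop src-address-list=!known-devices

# Corrected form: accept what is wanted, then drop the rest.
add chain=forward action=accept connection-state=established,related \
    comment="Replies to connections a known device opened"
add chain=forward action=drop connection-state=invalid \
    comment="Drop invalid packets"
add chain=forward action=accept src-address-list=known-devices \
    in-interface-list=LAN out-interface-list=WAN \
    comment="Known devices may open connections to the internet"
add chain=forward action=drop \
    comment="Drop any forward packets that get this far"
```

The list matches IP addresses, so each known device needs a static DHCP lease for its entry to keep matching. The final drop also stops port-forwarded traffic, so any dst-nat forwards in use need their own accept rule above it.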
 
NotAdad
just joined
Topic Author
Posts: 22
Joined: Sat Jan 09, 2021 10:25 pm

Re: How do I block unknown devices?

Sat Feb 19, 2022 6:03 pm

cool, I rebooted my router, now my configs don't work.
I didn't change anything in my configs. They just stopped working. Like I can't block facebook anymore, and none of my simple queues work either.
How the fuck is router os so bad?
 
404Network
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: How do I block unknown devices?

Sat Feb 19, 2022 6:23 pm

The Router is not alive! The router responds to what you have configured.
More than likely you locked yourself out of the router by not understanding how all the firewall rules work.
Nothing wrong with RoS!
 
NotAdad
just joined
Topic Author
Posts: 22
Joined: Sat Jan 09, 2021 10:25 pm

Re: How do I block unknown devices?

Sat Feb 19, 2022 6:33 pm

> The Router is not alive! The router responds to what you have configured.
> More than likely you locked yourself out of the router by not understanding how all the firewall rules work.
> Nothing wrong with RoS!
wtf does that mean?
There was nothing wrong with the config. it just stopped working for no reason.
how do i fix it???
 
BartoszP
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: How do I block unknown devices?

Sun Feb 20, 2022 10:01 pm

Try to connect with MAC address if only you allowed it in the configuration.
 
NotAdad
just joined
Topic Author
Posts: 22
Joined: Sat Jan 09, 2021 10:25 pm

Re: How do I block unknown devices?

Mon Feb 21, 2022 11:13 am

> Try to connect with MAC address if only you allowed it in the configuration.
No. I can log into the router and shit somewhat works. But the issue is that it doesn't block things like facebook.com and it doesn't limit the internet speed to devices on certain websites in simple queues.
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: How do I block unknown devices?

Mon Feb 21, 2022 12:47 pm

> block things like facebook.com
Cannot be done. Same as with torrent etc.
As long as you do not have 100% control of the clients (typically a corporate network), you are out of luck.
You can try to block DNS: Client uses another DNS
You try to redirect DNS: Clients use DoH
You try to block IP: Facebook IPs do change.
Client uses VPN etc.
If this is for children, do give them education and tell them if they misuse the trust it will have consequences.
 
NotAdad
just joined
Topic Author
Posts: 22
Joined: Sat Jan 09, 2021 10:25 pm

Re: How do I block unknown devices?

Mon Feb 21, 2022 3:05 pm

> > block things like facebook.com
> Cannot be done. Same as with torrent etc.
> As long as you do not have 100% control of the clients (typically a corporate network), you are out of luck.
> You can try to block DNS: Client uses another DNS
> You try to redirect DNS: Clients use DoH
> You try to block IP: Facebook IPs do change.
> Client uses VPN etc.
> If this is for children, do give them education and tell them if they misuse the trust it will have consequences.
Bruh... Ok what about blocking all internet access? And what about limiting people's internet speed?
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: How do I block unknown devices?

Mon Feb 21, 2022 3:35 pm

Blocking all and opening certain sites may be a way to go. Many sites do not work with just one IP open, everything is interconnected.
But then the kids just use their cellular network, friends' cellular network, neighbor's wifi etc.
 
NotAdad
just joined
Topic Author
Posts: 22
Joined: Sat Jan 09, 2021 10:25 pm

Re: How do I block unknown devices?

Mon Feb 21, 2022 5:47 pm

> Blocking all and opening certain sites may be a way to go. Many sites do not work with just one IP open, everything is interconnected.
> But then the kids just use their cellular network, friends' cellular network, neighbor's wifi etc.
Ok, but how do I do it? I literally can't block anything.
It's like the firewall rules I set up don't work at all.
Everything worked fine until I rebooted my router. Why is that?
 
frankyrumple
just joined
Posts: 1
Joined: Fri Sep 30, 2022 10:31 pm

Re: How do I block unknown devices?

Fri Sep 30, 2022 10:36 pm

I set up multiple users (kids).
One is called "UnknownDevices". It is set to block all day long.
One is called "ApprovedDevices". It is set to allow all day long. All my devices are put here.
Some users for kids' devices with proper block/allow times set.

Add this script. It will take any device that isn't assigned to a user and assign it to the "UnknownDevices" user.

Set up the scheduler to run the script every ?? seconds - I put 30 seconds. That means within 30 seconds, a new device will automatically get pushed to the "UnknownDevices" user and therefore be blocked. This will mean that iOS devices that change their MAC address will get blocked automatically.
#log info "Checking for unknown devices...";
# Loop over every kid-control device that has no user assigned
:foreach i in=[/ip kid-control device find user=""] do={
    :local name [/ip kid-control device get $i name];
    :local mac [/ip kid-control device get $i mac-address];
    #log info $i;
    #log info $name;
    #log info $mac;

    # Timestamp appended to the device name
    :local dt ([/system clock get date] . "_" . [/system clock get time]);
    #log info $dt;

    # Devices that report no name get a placeholder
    :if ($name = "") do={
        :set name "<Unknown>";
    }
    :set name "$name $dt";
    :log warning "** Found Unknown device $name - adding to UnknownDevices list.";
    # Assign the device to the always-blocked "UnknownDevices" user
    /ip kid-control device add name="$name" user="UnknownDevices" mac-address=$mac
}
