bullshit

Firewall rule to block router input traffic on WIRELESS interfaces

Thu Apr 13, 2023 10:08 pm

I would like to block all input traffic to my router on all wireless interfaces except for 1 IP address with a specific MAC address.

I made this rule but it is not working no matter where I place it on the firewall table:
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; Blocking unauthorized LAN Router access
      chain=input action=drop protocol=tcp src-address=!192.168.88.251 src-address-list="" 
      in-interface=all-wireless src-mac-address=!BE:19:AA:C2:FE:9E log=no log-prefix="" 
The rule seems pretty straightforward, but as I am a beginner I can't see where I am mistaken.
 
mkx

Re: Firewall rule to block router input traffic on WIRELESS interfaces

Fri Apr 14, 2023 7:10 am

Unset / remove property src-address-list ... setting it to empty string is not the same as not setting it at all.

Setting in-interface=all-wireless is problematic as well, for two reasons:
  • using automatic interface lists has a few quirks and it's better to use interface names explicitly
  • it only works if wireless interfaces are not made bridge ports. If wireless interfaces are in fact bridge ports, then firewall will see bridge interface as in-interface

Setting protocol=tcp means that this rule will not trigger on any other protocols, i.e. all remote hosts will be able to connect to router using e.g. UDP.
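
One way to write the policy with the points from the reply applied, as an added example that is not part of either post. It assumes the wireless interface is named wlan1 and is not a bridge port (both assumptions). It also relies on RouterOS matching a rule only when all of its conditions match, which is why the allowed IP and MAC pair goes in an accept rule above an unconditional drop instead of in two negated conditions on one drop rule.

```routeros
/ip firewall filter

# Original rule from the question, shown for comparison only (do not add it):
#   chain=input action=drop protocol=tcp src-address=!192.168.88.251
#   src-address-list="" in-interface=all-wireless
#   src-mac-address=!BE:19:AA:C2:FE:9E
# - protocol=tcp leaves UDP, ICMP and every other protocol unfiltered
# - src-address-list="" is an empty string, which is not the same as unset
# - the two negated matchers are ANDed, so a packet is dropped only when BOTH
#   the IP and the MAC differ; the right IP with a different MAC is not dropped

# 1. Accept the one permitted host: source IP and source MAC must both match.
#    wlan1 is an assumed interface name; use the real one instead of
#    the automatic all-wireless list.
add chain=input action=accept in-interface=wlan1 \
    src-address=192.168.88.251 src-mac-address=BE:19:AA:C2:FE:9E \
    comment="Allow the one authorized wireless host"

# 2. Drop everything else that arrives on that interface, for any protocol.
#    No protocol, src-address-list or negated matcher is set here.
add chain=input action=drop in-interface=wlan1 \
    comment="Blocking unauthorized LAN Router access"

# Rules are evaluated top to bottom, so rule 1 must sit above rule 2, and both
# must sit above any broader accept rule that already covers this traffic.
# If wlan1 is a bridge port, the firewall sees the bridge as in-interface
# (see the reply above) and in-interface=wlan1 will not match in that setup.
```

After adding the rules, the packet counters shown by `/ip firewall filter print stats` indicate whether each rule is actually matching traffic.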
