This possible mark packet for ttl in mikrotik 3.0?

execuse my bad english.

I need to block ttl <128, to permit only packet ttl 128 (windows) and ttl 64 (linux), for sharing block, in Linux is simple, but, in mikrotik I don´t.

This is possible in new mikrotik (beta)?

You can change the TTL with mangle rules.

Here is an example that changes the TTL to 1 for all packets destined for 192.168.10.*

/ip firewall mangle add action=change-ttl chain=postrouting disabled=no dst-address=192.168.10.0/24 new-ttl=set:1

This does not work perfectly, I need only allow the tll 128 and ttl 64, to set ttl for 1, no working perfectly and allow windowx xp sharing

Have you tried setting the TTL to 0?

-Louis

yes, not working, ttl 0 no break sharing connection.

About this subject: I tried it and sniffed the packets. TTL is being changed. But Win ICS is still able to share the connection, I don't know, maybe MS did something.

So for now on two networks we are doing the reverse thing - detecting ttl that is not 128 and not 64 and adding the client to a list or marking the packets.

But this is still stupid because 90% of these bastarbs use a home router. And the competition lets 'em have whatever TTL so ... this is useful when theres no competition.

I use TTL to hide routers from traceroute ;)

when TTL changes?
A: Each time the packet pass through L3 device (Firewall, Router, Nat,...) TTL = TTL - 1.

I've tried the follow setting in my L2 network:
No nat/routing between clients and Mk and it works perfectly!

Best regards,
Iván Carrasco Q.