hehehe
how to make rules like:
Client A. 192.168.1.2 can not ping to client B. 192.168.2.2 but
client B. 192.168.2.2 can ping to client A. 192.168.1.2
please help.. guys..
firewall filter
please help.. i am newbie here..
hehehe
how to make rules like:
Client A. 192.168.1.2 can not ping to client B. 192.168.2.2 but
client B. 192.168.2.2 can ping to client A. 192.168.1.2
please help.. guys..
hehehe
how to make rules like:
Client A. 192.168.1.2 can not ping to client B. 192.168.2.2 but
client B. 192.168.2.2 can ping to client A. 192.168.1.2
please help.. guys..
Re: firewall filter
how are these clients connected to the router? are they wireless users, or lan users connected through a switch?
Re: firewall filter
lan users connected throungh a switchhow are these clients connected to the router? are they wireless users, or lan users connected through a switch?
i have 2 lan card in my router, A. 192.168.1.1 and B. 192.168.2.1
Re: firewall filter
in that case, their connections are not going through the router at all, you can't control them.
Re: firewall filter
if the connections are going through on the router.., how i can control them..?in that case, their connections are not going through the router at all, you can't control them.
Re: firewall filter
but they are not 
if they would be connected directly to the router, instead of a switch, you would make simple filter rules like:
if they would be connected directly to the router, instead of a switch, you would make simple filter rules like:
Client A. 192.168.1.2 can not ping to client B. 192.168.2.2 but
client B. 192.168.2.2 can ping to client A. 192.168.1.2
Code: Select all
/ip firewall filter add chain=forward src-address=192.168.2.2/32 dst-address=192.168.1.2/32 action=accept
/ip firewall filter add chain=forward src-address=192.168.1.2/32 dst-address=192.168.2.2/32 action=drop
Re: firewall filter
Hi,
If your topology is as following then you may try the configuration as below.
Switch1(192.168.1.0/24)------------(RouterOS)------------Switch2(192.168.2.0/24)
/ip firewall filter
add action=drop chain=forward comment="ping block" disabled=yes icmp-options=8:0-255 \
protocol=icmp src-address=192.168.1.0/24
thanks,
Sudipta
If your topology is as following then you may try the configuration as below.
Switch1(192.168.1.0/24)------------(RouterOS)------------Switch2(192.168.2.0/24)
/ip firewall filter
add action=drop chain=forward comment="ping block" disabled=yes icmp-options=8:0-255 \
protocol=icmp src-address=192.168.1.0/24
thanks,
Sudipta
Re: firewall filter
Sorry for typo......in the above config put disabled=no
/ip firewall filter
add action=drop chain=forward comment="ping block" disabled=yes icmp-options=8:0-255 \
protocol=icmp src-address=192.168.1.0/24
Thanks,
Sudipta
Re: firewall filter
is it working?!? I would add 'connection-state=new', because if you simply accept one direction and drop opposite direction - ping won't work in both directions, no?..Code: Select all/ip firewall filter add chain=forward src-address=192.168.2.2/32 dst-address=192.168.1.2/32 action=accept /ip firewall filter add chain=forward src-address=192.168.1.2/32 dst-address=192.168.2.2/32 action=drop
Re: firewall filter
is it working?!? I would add 'connection-state=new', because if you simply accept one direction and drop opposite direction - ping won't work in both directions, no?..Code: Select all/ip firewall filter add chain=forward src-address=192.168.2.2/32 dst-address=192.168.1.2/32 action=accept /ip firewall filter add chain=forward src-address=192.168.1.2/32 dst-address=192.168.2.2/32 action=drop
yups it is working, i am use the sudiptakp solution..
thankss...
by the way guys, how i can block connection between Client A. 192.168.1.2 and client B. 192.168.2.2, but client B. can connect to client A.
need your help guys..
Re: firewall filter
omg!.. http://forum.mikrotik.com/viewtopic.php ... 94#p181694by the way guys, how i can block connection between Client A. 192.168.1.2 and client B. 192.168.2.2, but client B. can connect to client A.
Re: firewall filter
i mean, client A. 192.168.1.2 can not see shared folder in client B. 192.168.2.2 but
client B. 192.168.2.2 can see shared folder in client A 192.168.1.2
if i used this code :
/ip firewall filter add chain=forward src-address=192.168.2.2/32 dst-address=192.168.1.2/32 action=accept
/ip firewall filter add chain=forward src-address=192.168.1.2/32 dst-address=192.168.2.2/32 action=drop
client A and B totally can not connect
client B. 192.168.2.2 can see shared folder in client A 192.168.1.2
if i used this code :
/ip firewall filter add chain=forward src-address=192.168.2.2/32 dst-address=192.168.1.2/32 action=accept
/ip firewall filter add chain=forward src-address=192.168.1.2/32 dst-address=192.168.2.2/32 action=drop
client A and B totally can not connect
Re: firewall filter
omg!.. http://forum.mikrotik.com/viewtopic.php ... 94#p181694by the way guys, how i can block connection between Client A. 192.168.1.2 and client B. 192.168.2.2, but client B. can connect to client A.
thanks bro.. i am release must used "connection-state=new"
thanks bro...
by the way, can mikrotik block mac address ?
Re: firewall filter
/ip firewall filter add src-mac-address=