samih
newbie
Topic Author
Posts: 42
Joined: Tue Jan 25, 2011 9:48 am
Location: Lebanon

block everything except some ports

Wed Jan 04, 2012 10:45 am

Hello.
I have a network consisting of some computers. The internal network ID is 192.168.1.0/24.
All computers have access to the internet and are working normally.
But recently a new issue has come up and I need to block internet on one of the computers, the one with the IP 192.168.1.19.
The problem is that I have an application on this computer that needs access to the internet. This application works on ports 500, 1500 and 4500.
So I need to block everything on this computer except for the ports 500, 1500 and 4500.
How do I do that? I have a MikroTik RB750 with software version 5.9.

Your help is very appreciated. Thanks a lot.
 
normis
MikroTik Support
Posts: 26950
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: block everything except some ports

Wed Jan 04, 2012 10:48 am

You will need a few firewall rules with dst-address 192.168.1.19/24:

first rule that allows one port (action=accept)
second rule that allows some other port (action=accept)
third rule without any port parameters, just action=drop, to drop all other traffic
 
samih
newbie
Topic Author
Posts: 42
Joined: Tue Jan 25, 2011 9:48 am
Location: Lebanon

Re: block everything except some ports

Wed Jan 04, 2012 11:25 am

I would like to thank you for your reply.
I have a small question about the ports that I need to allow. While adding the rules, do I specify the port as source port or destination port? Another question is about the source address (do I keep it an empty field or put 0.0.0.0/0 in it)? And the last question is about the chain: does it make a difference if I put forward or input?

Thank you very much again.
 
danielchisholm
just joined
Posts: 19
Joined: Mon Sep 26, 2011 6:43 pm

Re: block everything except some ports

Wed Jan 04, 2012 4:51 pm

Specify it as "destination port".

"Source" and "destination" are named with respect to the direction of the traffic.

The rules you are creating control traffic flow from the router(source) to the computer (destination).

In another scenario you might be creating rules governing the flow of traffic from a computer (source) to your router (destination).
 
otgooneo
Trainer
Posts: 587
Joined: Tue Dec 01, 2009 3:24 am
Location: Mongolia

Re: block everything except some ports

Thu Jan 05, 2012 9:47 am

If your server application uses TCP 500,1500,4500 to connect to other applications, the filter rule will be the following:
/ip firewall filter add action=drop chain=forward protocol=tcp dst-port=!500,1500,4500 src-address=192.168.1.19 place-before=0
If some other application uses TCP 500,1500,4500 to connect to your application, the filter rule will be the following:
/ip firewall filter add action=drop chain=forward protocol=tcp dst-port=!500,1500,4500 dst-address=192.168.1.19 place-before=0
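The following is an added example and is not from any of the posts above; it combines the accept/accept/drop layout normis described with the forward-chain, dst-port approach in the last reply, and goes a little further than both. The thread never says whether the application uses TCP or UDP, so the example matches both (500 and 4500 are the standard UDP ports for IPsec IKE and NAT-T, which is one reason not to assume TCP only), lets reply packets of permitted connections through before the drop, and logs what gets dropped so the block can be verified from the log. The address-list name "restricted-hosts", the rule comments and the log prefix are this example's own choices; the host address, ports and chain are the ones from the thread.

```routeros
# Added example (not from the thread): allow 192.168.1.19 out to ports 500, 1500 and 4500 only.
# Assumptions: RouterOS CLI as used in the thread; list name and comments are placeholders of this example.

# Putting the host in an address list keeps the rules readable and lets more hosts be added later.
/ip firewall address-list add list=restricted-hosts address=192.168.1.19 comment="host limited to app ports"

# Rules are evaluated top to bottom; these must sit above any existing accept-all rule in the forward chain.
# 1. Replies to connections that were already permitted pass without re-matching the port rules.
/ip firewall filter add chain=forward connection-state=established,related action=accept comment="allow replies on permitted connections"

# 2. The permitted application ports, outbound from the restricted host, for both TCP and UDP.
/ip firewall filter add chain=forward src-address-list=restricted-hosts protocol=tcp dst-port=500,1500,4500 action=accept comment="app ports (tcp)"
/ip firewall filter add chain=forward src-address-list=restricted-hosts protocol=udp dst-port=500,1500,4500 action=accept comment="app ports (udp)"

# 3. Everything else the restricted host tries to send is logged, then dropped.
/ip firewall filter add chain=forward src-address-list=restricted-hosts action=log log-prefix="restricted-drop" comment="log blocked attempts"
/ip firewall filter add chain=forward src-address-list=restricted-hosts action=drop comment="drop all other traffic from restricted host"
```

Check the resulting order with `/ip firewall filter print` and use `move` if a broader accept rule sits above these. Because the first rule accepts established connections, sessions the host opened before the rules were added stay alive until they close on their own; clearing them from `/ip firewall connection` forces every flow to be re-evaluated against the new rules. Dropped attempts then show up in `/log print` with the "restricted-drop" prefix, which is the quickest way to confirm the host is actually limited to the three ports.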