/ip firewall filter add chain=forward action=drop time="20:00:00-23:50:00,mon,tue,wed,thu,fri,sat,sun" src-mac-address=F8:A9:63:34:B9:91

I have the above filter in place. When the time hits I can see the packets counting on the GUI interface which start counting exactly at the time the filter starts. However the workstation is still able to continue working.

I rebooted the router but still no luck. Any ideas?

I have something similar and it works fine. Can you export your firewall filters?

/ip firewall filter add action=drop chain=forward src-mac-address=F8:A9:63:34:B9:91 time=21h15m-23h59m,sun,mon,tue,wed,thu,fri,sat

the weird part as I said is when the time of day hits then on the GUI you see the byte counters show the traffic.

Probably existing connections from the host keep working via an earlier rule that accepts established/related connections.

Go in the connections tab and remove all connections with that host's IP and I bet it kills everything. If so, make a script to do this and schedule it for 1 minute after the rule kicks in.

this is the only rule I have. Been pretty simple up to now. How would I make a script to drop that connection? Shouldnt it drop by itself just from the rule however?

THANK YOU

Not quite sure I follow your meaning - do you mean that your forward chain has only one rule, that being the time-of-day filter?

post the results of this command in a terminal window:
/ip firewall filter print detail where chain=forward

(enclose it in a

I got this working. The IP Firewall didnt seem to kick the user off at the time. So as per your suggestion I added a schedule one minute later to drop the DHCP. That worked great! Problem solved! Thanks for everyone's help!