Hello Insider,
can you please help me with Mangle rules and their correct order? I use a Mikrotik (RB1100AHx29) WITHOUT NAT. As a small protection against private hotspot / tethering I would like to set the TTL value for all VLANs to 1 (TTL=1). Only the AdminVlan should still be able to operate with subnets etc.
Here are my rules:
1. /ip firewall mangle add action=change-ttl chain=forward comment="Permit private Hotspot on Admin-VLAN - set TTL=128" disabled=no in-interface=adminvlan new-ttl=set:128 passthrough=no
2. /ip firewall mangle add action=change-ttl chain=forward comment="Block private Hotspot on All-VLAN - set TTL=1" disabled=no in-interface=all-vlan new-ttl=set:1 passthrough=no
Now my two questions:
1. Is the Mangle rule correct? (-> no NAT!)
2. Is the order correct?
Looking forward to every reply and every tip!
Many thanks,
vlanlearner
P.S. Sorry for my bad English - it is a Google translation