Hi guys,

Anybody know were can I found the explanation of the dynamic rules and "variables" ("auth", "to-client", "from client") that use Hotspot?

thanks you very so much!

Regards

HotSpot firewall rules described here,
http://www.mikrotik.com/testdocs/ros/2. ... hp#7.41.14

okey, thanks Sergejs.

I read it and understand it.

But I have a little problem. I want that a Hotspot registered user with a special mark in its pakets, only can navigate the WalledGarden.

here are my filter and nat firewall parts:

I do not undestand your question. Any user can navigate walled-garden pages, registred user may navigate all pages. If you need configuration that registred user will be able to navigate only few pages, then additional static firewall rules will be reuqired to accomplish this.

My system works as following:

- All my clients login using hotspot
- To validate the clients I use radius+SQL
- When the client login, if the radius server reply with a Mark-Id (such as "Account_Disabled") the client would be redirected to its account status page, were it said that he had to paid to continue navigating; and the only page that he could navigate would be the account status page. If the radius server do not repply any mark (because the client had paid), the client will navigate normally.

I tried to use pre-hs-input chain in filter to reject packets with the "Account_Disabled" mark, but I do not know the reason it isn't working.

Regards