
Firewallrule: TTL=1 to block Tethering and private Hotspot

Posted: Sun Apr 02, 2017 10:42 pm
by VlanLearner
I know this is not a safe rule but the only option I have ....

Please help with this firewall rule. I would like to prevent the user from opening their own hotspot or tethering. In all VLANs it should be forbidden. Only in the AdminVLAN100 it should be allowed.

What do you think of the rules?

1. Rule:
/ip firewall mangle
add chain=postrouting action=change-ttl new-ttl=set:128 out-interface=AdminVLAN100
2. Rule:
/ip firewall mangle
add chain=postrouting action=change-ttl new-ttl=set:1 out-interface=all vlan

Greetings VlanLearner
Excuse me for my bad English (google translation)

Re: Firewallrule: TTL=1 to block Tethering and private Hotspot

Posted: Sun Apr 02, 2017 11:23 pm
by pe1chl
Remember that such rules do not normally end processing when they match, as "accept" does.
So you need to arrange for that or else your first rule will do nothing.
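
Added example, not part of the post above and not RouterOS code: a small Python model of why the first rule has no effect when both rules pass the packet on. It assumes rules are evaluated top to bottom with passthrough enabled unless switched off, treats the posted "all vlan" matcher as matching every interface, and uses a constructed interface name UserVLAN20 and a constructed incoming TTL of 57.

```python
# Simplified model of a mangle chain with change-ttl rules.
# Assumptions (not taken from RouterOS source): rules run top to bottom,
# and a matching rule hands the packet to the next rule unless
# passthrough is disabled on it.
from dataclasses import dataclass


@dataclass
class Rule:
    out_interface: str        # exact interface name, or "*" for every interface
    new_ttl: int              # value written by change-ttl new-ttl=set:N
    passthrough: bool = True  # True: keep evaluating later rules after a match


def postrouting_ttl(rules, out_interface, ttl):
    """Return the TTL the packet has when it leaves the router."""
    for rule in rules:
        if rule.out_interface not in ("*", out_interface):
            continue
        ttl = rule.new_ttl
        if not rule.passthrough:
            break  # this rule ends processing of the chain
    return ttl


def survives_extra_hop(ttl):
    """A client that forwards the packet (tethering) decrements TTL first;
    a packet whose TTL reaches 0 is dropped instead of forwarded."""
    return ttl - 1 > 0


def report(rules):
    """Map interface -> (TTL on the wire, reaches a device behind the client?)."""
    result = {}
    for iface in ("AdminVLAN100", "UserVLAN20"):  # UserVLAN20 is constructed
        ttl = postrouting_ttl(rules, iface, ttl=57)  # 57: constructed input TTL
        result[iface] = (ttl, survives_extra_hop(ttl))
    return result


# The two rules as posted: both pass the packet on, so rule 2 overwrites rule 1.
AS_POSTED = [Rule("AdminVLAN100", 128), Rule("*", 1)]
# Same rules, but the admin rule stops processing once it has matched.
WITH_STOP = [Rule("AdminVLAN100", 128, passthrough=False), Rule("*", 1)]

if __name__ == "__main__":
    print("as posted:", report(AS_POSTED))
    print("with stop:", report(WITH_STOP))
```
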

Re: Firewallrule: TTL=1 to block Tethering and private Hotspot

Posted: Sun Apr 02, 2017 11:58 pm
by sash7
These guys who are "opening their own hotspot" 100% know how to deal with TTL=1 )