MikroTik

Hi, It is possible to make something as dynamic filter rule ? I get gateway from dhcp-client, I want create rule what will be block all communication exept communication to gateway.. If gateway change by DHCP client this rule should reflect it. Thanks for info.

I'm afraid that either I misunderstand the purpose of such rule or you misunderstand the concept of routing via gateway.

If the goal is to prevent communication to other devices in the gateway's subnet, it is enough to disable access to the whole subnet because the gateway's IP address is not present in packets sent to other addresses via the gateway, so a rule blocking the whole subnet won't block such packets. If you get a different subnet with each DHCP assignment, you'll have to add a script to DHCP client configuration. The same applies if you do want to permit access to the gateway itself.

Hi
I think you will need to allow the communication to the DHCP server first
then you can use mangle to add the required IP to dynamic address list
then you can create firewall rule to allow the dynamic address list and drop everything else

also you have the option to execute script when you renew/drop DHCP lease
https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Client

I think you will need to allow the communication to the DHCP server first

A good point - while DHCP discovery is sent to the broadcast address, DHCP renews are sent to the individual address of the DHCP server which would be blocked along with the subnet. So an exception from the subnet-blocking rule for is necessary.