Block traffic between VLAN
Posted: Wed Mar 27, 2019 6:08 pm
Hi guys,
I have a problem configuring VLANs on a MikroTik router.
I have 10 VLANs: 10 -> 20
I want to block traffic between the VLANs.
I have written a lot of rules, but it still doesn't work.
Please help me
Tks,
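# RouterOS firewall filter: drop routed (forward-chain) traffic between VLANs.
# Every rule matches a pair of address lists (VLAN11 ... VLAN20). The lists are
# defined elsewhere (/ip firewall address-list, not shown here); a rule whose
# list is missing or empty never matches -- TODO confirm each list exists and
# contains that VLAN's subnet.
#
# Review notes:
# - Fixed: the VLAN 11 group listed VLAN14 twice and had no rule for VLAN15 or
#   VLAN16, so VLAN 11 could still reach both.
# - Fixed: the "VLAN 13 -> VLAN18" rule had src-address-list=VLAN12 (a repeat of
#   the VLAN 12 rule), so VLAN 13 -> VLAN 18 was never dropped.
# - Each pair is filtered in ONE direction only (lower VLAN as source). Nothing
#   here drops packets whose source is the higher VLAN (e.g. src VLAN12,
#   dst VLAN11). If an accept rule sits above these (for example one accepting
#   established/related connections -- not shown, verify), connections opened
#   from the higher VLAN work in full. For real isolation add the mirrored rule
#   for each pair, or use one address list holding all VLAN subnets as both
#   src-address-list and dst-address-list in a single drop rule.
# - Rule order matters: these drops must come before any broader accept in the
#   forward chain. Check the per-rule counters with
#   "/ip firewall filter print stats" to see which rules actually match.
# - There are no rules for VLAN10 or VLAN19, although the post says the VLANs
#   run from 10 to 20 -- confirm whether those lists exist and need rules.
/ip firewall filter
# VLAN 11 -> others (comment= text: "block access between VLAN 11 and other VLANs")
add action=drop chain=forward comment="Cam truy cam giua VLAN 11 va VLAN khac" \
    dst-address-list=VLAN12 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN13 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN14 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN15 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN16 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN11
# VLAN 12 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 12 va VLAN khac" \
    dst-address-list=VLAN13 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN14 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN15 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN16 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN12
# VLAN 13 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 13 va VLAN khac" \
    dst-address-list=VLAN14 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN15 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN16 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN13
# VLAN 14 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 14 va VLAN khac" \
    dst-address-list=VLAN15 src-address-list=VLAN14
add action=drop chain=forward dst-address-list=VLAN16 src-address-list=VLAN14
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN14
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN14
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN14
# VLAN 15 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 15 va VLAN khac" \
    dst-address-list=VLAN16 src-address-list=VLAN15
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN15
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN15
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN15
# VLAN 16 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 16 va VLAN khac" \
    dst-address-list=VLAN17 src-address-list=VLAN16
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN16
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN16
# VLAN 17 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 17 va VLAN khac" \
    dst-address-list=VLAN18 src-address-list=VLAN17
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN17
# VLAN 18 -> VLAN 20
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN18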
I have a problem configuring VLANs on a MikroTik router.
I have 10 VLANs: 10 -> 20
I want to block traffic between the VLANs.
I have written a lot of rules, but it still doesn't work.
Please help me
Tks,
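# RouterOS firewall filter: drop routed (forward-chain) traffic between VLANs,
# matching on per-VLAN address lists (VLAN11 ... VLAN20). The address lists are
# not shown here; a rule that names a missing or empty list never matches --
# TODO confirm each list exists and holds that VLAN's subnet.
#
# Review notes:
# - Fixed: VLAN 11 had a duplicate VLAN14 rule and no VLAN15 / VLAN16 rule.
# - Fixed: the VLAN18 rule in the VLAN 13 group used src-address-list=VLAN12.
# - Only the lower-numbered VLAN appears as source, so packets sent from a
#   higher VLAN towards a lower one are not dropped by any rule below. With an
#   accept rule for established/related traffic above these (not shown --
#   verify), such connections work completely. Add the mirrored rules, or use a
#   single address list of all VLAN subnets as both source and destination of
#   one drop rule.
# - Place these drops ahead of any broader accept in the forward chain and check
#   the counters ("/ip firewall filter print stats") to see which rules match.
# - VLAN10 and VLAN19 have no rules although the post mentions VLANs 10 to 20 --
#   confirm whether they need them.
/ip firewall filter
# VLAN 11 -> others (comment= text: "block access between VLAN 11 and other VLANs")
add action=drop chain=forward comment="Cam truy cam giua VLAN 11 va VLAN khac" \
    dst-address-list=VLAN12 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN13 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN14 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN15 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN16 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN11
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN11
# VLAN 12 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 12 va VLAN khac" \
    dst-address-list=VLAN13 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN14 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN15 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN16 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN12
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN12
# VLAN 13 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 13 va VLAN khac" \
    dst-address-list=VLAN14 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN15 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN16 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN13
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN13
# VLAN 14 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 14 va VLAN khac" \
    dst-address-list=VLAN15 src-address-list=VLAN14
add action=drop chain=forward dst-address-list=VLAN16 src-address-list=VLAN14
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN14
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN14
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN14
# VLAN 15 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 15 va VLAN khac" \
    dst-address-list=VLAN16 src-address-list=VLAN15
add action=drop chain=forward dst-address-list=VLAN17 src-address-list=VLAN15
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN15
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN15
# VLAN 16 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 16 va VLAN khac" \
    dst-address-list=VLAN17 src-address-list=VLAN16
add action=drop chain=forward dst-address-list=VLAN18 src-address-list=VLAN16
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN16
# VLAN 17 -> higher-numbered VLANs
add action=drop chain=forward comment="Cam truy cam giua VLAN 17 va VLAN khac" \
    dst-address-list=VLAN18 src-address-list=VLAN17
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN17
# VLAN 18 -> VLAN 20
add action=drop chain=forward dst-address-list=VLAN20 src-address-list=VLAN18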