hello
i have rb600 with 4 sectors and about 70 clients connected to it, i have configured rb600 as bridge (proxy arp) .

all clients have public ips, (client devices are loco2)

i want to block managmanet of client devices, i want to allow only some ips which can change settings for clients, for configuring we are using web managament of loco2.


thank you

change admin username from 'ubnt' to 'admin' on the locos.
Throws everyone.

of course i have changed but some people nows password again, so i want to block them to accessing loco 2, i want to block them from rb600

Use firewall filters to drop that traffic, if you have a RouterOS device inbetween.

It's hard to be more specific without more details (network layout/diagram, management and customer IP addressing etc.)

rb600 is ap, all clients are connected to rb 600, i want to block managament access on clients,

Same answer. Without IP addressing schemes and a clear idea of what the network looks like it's impossible to write firewall filter rules for you.

So read the wiki on firewall filtering and write rules, or post those details.

just block the port 80 management to the specific nanoloco's IP's. and create a white-list to the IP tha need manage the radios.


ejemplo:

IP firewall address-list add address=xxx.xxx.xxx.xxx. list=WEB-WL

Accept

chain=forward dst-address=xxx.xxx.xxx.xxx (nanolocosIP's) action=accept protocol=tcp dst-address-list=web-WL-Senders dst-port=80
chain=forward dst-address=xxx.xxx.xxx.xxx (nanolocosIP's) action=accept protocol=tcp src-address-list=web-WL-Senders dst-port=80

Block
chain=forward dst-address=xxx.xxx.xxx.xxx (nanolocosIP's) action=drop protocol=tcp dst-address-list=!SMTP-WL-Senders dst-port=80

Thank you everything is working