Community discussions

MikroTik App
  4. RouterOS
  5. General

Block Ip address

Post Reply
 
Burgerkhmer
just joined
Topic Author
Posts: 8
Joined: Thu Aug 22, 2013 11:31 am

Block Ip address

Thu Aug 22, 2013 11:54 am

Dear All,

Could you please help me.

I'm using RouterBoard 750, 2.38.

I connect all my computers 192.168.1.1/24 with port1. I wonder if I want to block computer A 192.168.1.10/24 to communicate with computer B 192.168.1.11/24 it's possible to do that?

Please help!!!

Thank you
Top
 
User avatar
rickfrey
Trainer
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:
Contact rickfrey

Re: Block Ip address

Fri Aug 23, 2013 8:40 pm

You can use this rule to block traffic from one host to another host. This will block all traffic both directions. You can also modify it to only block specific traffic or to block a whole subnet from another host/ subnet. Using this rule with an address list can be very helpful as well.

/ip firewall filter
add action=drop chain=forward dst-address=192.168.1.11 src-address=192.168.1.10
Top
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Block Ip address

Fri Aug 23, 2013 9:02 pm

You can use this rule to block traffic from one host to another host. This will block all traffic both directions. You can also modify it to only block specific traffic or to block a whole subnet from another host/ subnet. Using this rule with an address list can be very helpful as well.

/ip firewall filter
add action=drop chain=forward dst-address=192.168.1.11 src-address=192.168.1.10
The problem with that is since they are presumably connected to a switch/hub connected to port one that traffic will never go through the router. So you can't block it. Computers don't need to hit the router for "local" traffic.
Top
 
Burgerkhmer
just joined
Topic Author
Posts: 8
Joined: Thu Aug 22, 2013 11:31 am

Re: Block Ip address

Mon Aug 26, 2013 6:40 am

really thanks for you replay !!!

But I'm using with a normal switch connected to ether1 (192.168.1.1/24) and all my computer connected to that switch , and i wonder if the Mikrotik can block all the communication from Computer A 192.168.1.10/24 to Computer B 192.168.1.11/24.

Super Thank you all.
Top
 
rkau045
newbie
Posts: 45
Joined: Mon Jun 25, 2012 9:14 pm

Re: Block Ip address

Mon Aug 26, 2013 6:47 am

As efaden stated in post 3, the traffic between computer A and computer B never even gets to the MikroTik router, so it has no control in your current configuration.

My name is _______ and I approve this message.
Top
 
kashifmac2005
newbie
Posts: 28
Joined: Thu Aug 22, 2013 9:27 pm

Re: Block Ip address

Mon Aug 26, 2013 10:24 am

Dear All,

Could you please help me.

I'm using RouterBoard 750, 2.38.

I connect all my computers 192.168.1.1/24 with port1. I wonder if I want to block computer A 192.168.1.10/24 to communicate with computer B 192.168.1.11/24 it's possible to do that?

Please help!!!

Thank you
Brother for this kind of security you need managed switch because that kind of switches have mac address table filtration and using managed switches u can use more secure option which is "VLAN tagging" but as for simple solution u should connect both nodes to router ports directly but rb 750 router does not have more then 5 ports so you can use 4 ports as switch except 1 which is mostly assigned for WAN connection
Top
 
Burgerkhmer
just joined
Topic Author
Posts: 8
Joined: Thu Aug 22, 2013 11:31 am

Re: Block Ip address

Tue Aug 27, 2013 5:14 am

Really thank for your advise

I'm really appreciated

Thank you
Top
Post Reply
  4. RouterOS
  5. General