Page 1 of 1
How to drop an IP address
Posted: Fri Apr 21, 2006 9:45 pm
by mahendra
i'm a newbie here, i have some clients with their own static IP address range 192.168.0.0/24. If they change their IP to another number, how to make them disconnect to the router. Or in other word, how can we drop unwanted client IP address on our router local interface? thanks
Posted: Fri Apr 21, 2006 11:05 pm
by valens
Friend, you should read the manual first before asking here.
But, you can try using mac address protection:
/ip firewall filter add src-mac-address=[client mac address] src-address=![client correct ip address] action=drop
Posted: Sat Apr 22, 2006 3:07 am
by mahendra
thank you valens ... i have another question, can we register or put our client ip address in some kind of ip table in the router? FYI, i use mikrotik OS 2.8.28. Thank you
btw, i already did what u've suggested, but the ip i want to drop or reject is still in my firewall connections table, they still have access to the internet.
Posted: Sat Apr 22, 2006 6:57 am
by balimore
thank you valens ... i have another question, can we register or put our client ip address in some kind of ip table in the router? FYI, i use mikrotik OS 2.8.28. Thank you
btw, i already did what u've suggested, but the ip i want to drop or reject is still in my firewall connections table, they still have access to the internet.
-----------------------
Hello Mahendra
i thing better DROP methode for that action....
Peace all
Balimore DOT com
-----------------------
Posted: Sat Apr 22, 2006 10:56 am
by Gotmoh
Friend, you should read the manual first before asking here.
But, you can try using mac address protection:
/ip firewall filter add src-mac-address=[client mac address] src-address=![client correct ip address] action=drop
Isnt your rule will drops every ip except
one pair MAC+IP ? I mean it will work only for one client.
Im using construction with lotof pass rules. One pass rule for one MAC+IP pair. At the end i have one rule to drop everyting whats not equal to previous passing rules.
Posted: Sat Apr 22, 2006 10:12 pm
by valens
Mahendra:
update to the newest version.
2.9.x have ip address list feature.
Posted: Sat Apr 22, 2006 10:14 pm
by valens
Isnt your rule will drops every ip except one pair MAC+IP ? I mean it will work only for one client.
Im using construction with lotof pass rules. One pass rule for one MAC+IP pair. At the end i have one rule to drop everyting whats not equal to previous passing rules.
Gotmoh, I didn't check my script yet, and never use it before.
But AFAIK, my script above will do:
Router will block client with mac-address xxxxx if they are not using IP YYYY
If mac-address is not xxxxxx so it will not droped.