only allow access to default gateway and internet
Posted: Thu Feb 12, 2015 8:14 pm
by dadaniel
Can someone please tell me the firewall rules I need to allow only traffic that goes to the current default gateway of the routerboard and to Internet?
Thank you very much in advance!
Re: only allow access to default gateway and internet
Posted: Thu Feb 12, 2015 10:40 pm
by conecting
Can you share a picture of your network?
Re: only allow access to default gateway and internet
Posted: Fri Feb 13, 2015 8:51 am
by dadaniel
The ISP's router and the rest of the network are plugged into ether0; ether1 to ether4 are hardware switched (master port ether1); ether0 and ether1 are members of bridge1.
dhcp-client is running on bridge1 and gets DHCP data, including the default gateway, from the ISP's modem.
These are the only changes I made from default config.
I have to prevent devices attached to ether1-ether4 from connecting to anything other than the default gateway or the Internet. I want to avoid double NAT, so I need to do this in bridge mode.
Re: only allow access to default gateway and internet
Posted: Fri Feb 13, 2015 10:20 am
by conecting
Well, if I understand your configuration properly, then you need just one simple firewall rule for every port.
open WinBox
press IP -> Firewall
press the plus button
chain forward
in interface ether2 (or any other name, depending on how you named your even port (your fourth port should be even))
out interface ! (you have to press the blank white square to make the negation, then you will see ! before it) ether0 (depends on how you named it before)
at the top press action, choose drop and hit the apply button.
repeat this for ports (in interface) ether3, ether4
and this should help