Page 1 of 1
Simplest Way to only let certain IP ranges use Winbox or SSH
Posted: Thu May 28, 2015 2:58 pm
by monkeybike
Hi,
What is the simplest way to make sure I can admin the routerboard only via IP's in a safe list?
Regards
Richy
Simplest Way to only let certain IP ranges use Winbox or SSH
Posted: Thu May 28, 2015 3:27 pm
by jarda
Put those ip addresses into each service, disable all other services and implement firewall with general drop rule on the end of each chain explicitly enabling only what you need by rules above that.
Re: Simplest Way to only let certain IP ranges use Winbox or SSH
Posted: Thu May 28, 2015 5:51 pm
by monkeybike
Is that under
Ip / services?
Then just add in network ranges?
Then what would the firewall rule look like to drop connections?
Dont want to get it wrong then lock myself out
Richy
Re: Simplest Way to only let certain IP ranges use Winbox or SSH
Posted: Fri May 29, 2015 9:33 am
by TomosRider
You can do what Jarda said or you can just simply add network address under ip/services/winbox. After that, only address/address range will have access to router.
Re: Simplest Way to only let certain IP ranges use Winbox or SSH
Posted: Fri May 29, 2015 11:14 am
by pukkita
If you're doing that remotely, enter
Safe Mode first so that if you accidentally lock you out, those changes are rolled back.
Don't forget to exit safe mode properly if everything works, as if you intentionally log out with safe mode on changes would be rolled back.