![]() However, it's generally best to assume that intra-subnet traffic is unfiltered. (Although RouterOS allows overriding that if necessary – under /interface ethernet switch rule, you can find an option to redirect packets from PC-2 to the OS as well. Note: Within the same subnet, access will always be allowed, as communications only go through the built-in switch and don't reach the OS. The rule checking goes from top to bottom until first match, so make sure the rule goes after "allow established" but before any "allow everything" rules you might have. 192.168.88.0/24 for the IPv4 rule, or 2001:db8:abcd:0::/64 for IPv6. MikroTik RouterOS 6.29.1 im blocking the traffic between a network and some hosts: 1 chaininput actiondrop mac-protocolip src-address192.168.0.16/28 dst-address172.16.0.0/24 logno log-prefix'' 2 chaininput actiondrop mac-protocolip src-address192.168.0.32/27 dst-address172.16.0. ![]() Here should be the prefix you want to allow, e.g. This can be translated almost directly to firewall rules:Īllow from PC-2 to LAN: add chain=forward src-address= dst-address= action=acceptĭeny from PC-2 to everywhere else: add chain=forward src-address= action=rejectĭeny from PC to not-LAN: add chain=forward src-address= dst-address=! action=reject
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |