In this tutorial, we will learn how to block a specific IP address or IP range to connect to the internet.
In this scenario, we will assume that our LAN network is 192.168.1.0/24. The Mikrotik Ether1 port is connected to our local network and the Ether2 port is connected to our Internet Service Provider.
Now we want to block access to the Ether2 port or the internet for a specific IP address such as 192.168.1.100 or a specific IP range 192.168.1.100-192.168.1.110. The rest of the addresses will have access to the internet. We will go through these settings using the "Winbox" tool.
Login to your Mikrotik router and go to the "Firewall" section.
Navigate to the "Filter Rules" and click on the (+) sign to create a new firewall rule.
Now navigate to the "General" tab and select "forward" as the "Chain" value. Then click on "Src Address".
At the "Src. Address" field, write that specific address that you want to block. As our example, the address will be 192.168.1.100.
Now click on the "Out. Interface" parameter and select "Ether2" as the value. Because the Ether2 port is connected to the internet or our ISP.
Now go to the "Action" tab and select "drop" as the action value. Because we want to apply the restriction to access the Ether2 or the internet for the 192.168.1.100 address.
Everything is done. Now click on "Apply" and then "OK". From now on if the router receives a packet with a source IP address which is 192.168.1.100 and that packet is requesting access to the internet or the Ether2 interface, then this packet will be dropped. Because we have selected the "Action" value as "drop".
If we want we can use an address range instead of a single address. Let's assume that we want to block an address range for 192.168.1.100 to 192.168.1.110. Then, the entry will be for the "Src. Address" parameter is "192.168.1.100-192.168.1.110".
That's it. Thank you.
No comments:
Post a Comment