Blocking IP on one of the interfaces?

S

Systemshik2015-12-21 11:07:51

Computer networks

Systemshik, 2015-12-21 11:07:51

I have a Mikrotik router. 2 providers are connected to it: provider A (ISP1) and provider B (ISP2). It is necessary to block IP on provider B so that the specified IP does not ping through this interface. And on the ISP1 interface, the ping was fine.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Sergei E., 2015-12-21
@Systemshik

/ip firewall filter add chain=input protocol=icmp action=drop in-interface=ISP2 \
  src-address=11.22.33.44

Where ISP2 is the name of the interface looking at provider B, and 11.22.33.44 is the IP that needs to be denied ping.
But this would be nicer:

/ip firewall filter add chain=input protocol=icmp action=drop in-interface=ISP2 \
  src-address-list=DENY-PING
/ip firewall address-list add list=DENY-PING address=11.22.33.44

The rule must be above the allow rule:

/ip firewall filter print 
...
1     ;;; Deny ping
     chain=input protocol=icmp action=drop in-interface=ISP2 src-address-list=DENY-PING
2     ;;; Allow ping
      chain=input action=accept protocol=icmp
...

M

mikes, 2015-12-21
@mikes

A little chaotically written, of course, but if we are talking about the fact that the internal client would go to the specified IP through a specific provider, then this is decided by routing to the desired interface, and not by blocking rules.