S
S
Systemshik2015-12-21 11:07:51
Computer networks
Systemshik, 2015-12-21 11:07:51

Blocking IP on one of the interfaces?

I have a Mikrotik router. 2 providers are connected to it: provider A (ISP1) and provider B (ISP2). It is necessary to block IP on provider B so that the specified IP does not ping through this interface. And on the ISP1 interface, the ping was fine.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
S
Sergei E., 2015-12-21
@Systemshik

/ip firewall filter add chain=input protocol=icmp action=drop in-interface=ISP2 \
  src-address=11.22.33.44

Where ISP2 is the name of the interface looking at provider B, and 11.22.33.44 is the IP that needs to be denied ping.
But this would be nicer:
/ip firewall filter add chain=input protocol=icmp action=drop in-interface=ISP2 \
  src-address-list=DENY-PING
/ip firewall address-list add list=DENY-PING address=11.22.33.44

The rule must be above the allow rule:
/ip firewall filter print 
...
1     ;;; Deny ping
     chain=input protocol=icmp action=drop in-interface=ISP2 src-address-list=DENY-PING
2     ;;; Allow ping
      chain=input action=accept protocol=icmp
...

M
mikes, 2015-12-21
@mikes

A little chaotically written, of course, but if we are talking about the fact that the internal client would go to the specified IP through a specific provider, then this is decided by routing to the desired interface, and not by blocking rules.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question