How to specify multiple addresses in the address list?

P

partisan422021-10-25 06:33:20

Mikrotik

partisan42, 2021-10-25 06:33:20

I created a deny rule in the firewall that prevents all members of the 192.168.0.0/24 network from going to the conditional site.ru.

But the trouble is that there are several people who still need to go to this site.
The first thing I thought was to create an address list with the addresses I need, but I ran into a problem that you can’t just take and list the necessary addresses separated by commas, and specifying the range does not suit me, since the addresses are not neighboring. (192.168.0.8, 192.168.0.88, 192.168.0.92, etc.).

In the rule itself, putting an exclamation point, and listing the addresses, also does not work.

How can such a thing be implemented?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

G

Gregory, 2021-10-25
@partisan42

we create the necessary address sheets with sites and computers

/ip firewall address-list
add address=192.168.0.21 list=pc
add address=192.168.0.28 list=pc
add address=192.168.0.32 list=pc
add address=site.ru list=block

create a rule where we indicate where you can’t go and who is in the exception, indicate the address of the sheets in it

/ip firewall filter
add action=drop chain=forward dst-address-list=block src-address-list=!pc

rule lift up .

P

partisan42, 2021-10-25
@partisan42

And that's it, I found it myself :)
Firewall Rules -> Rule -> Advanced -> Src Address List, and already there separated by commas.
Although of course through the creation of a list of addresses it would be more convenient. Can anyone share this wisdom? :)

D

dnbolt, 2022-03-21
@dnbolt

Hand write
```
/ip firewall address-list
add address=27.116.56.0/22 comment="AFGHANISTAN" list=geoip
add address=43.230.209.0/24 comment="AFGHANISTAN" list=geoip
add address=43.231.131.0/ 24 comment="AFGHANISTAN" list=geoip
```
load adresslist.rsc into Mirach memory
via CLI
```
/import adresslist.rsc
```