I'd rather suggest a whitelist as it easy enough to get a new ip address set via either static or mac address spoofing. But good enough for some basic users/networks, maybe even do an ARP reply only and combination of white list/blocklist, if you say have 1000 users on your network only access local resources creating lists is going to get really tedious. Maybe script it when say a user, on particular DHCP network, opens google or has dns request for something it auto adds it to an address (block or whatever) list for you :) being dynamic is best for networks, DEV-OPS for networking!...etc. Great series though! keep at it.
Hi there. I tried your tutorial but it's not completely working. It blocks all internet access from the web browser or torrent downloads, but my skype is still working. I think some more needs to be done. Maybe separate subnet mask? Any suggestions?
Thank you for this tutorial. I was wondering if you could help with doing it the other way around. I want to block internet for the entire network and only allow certain users. I know its possible, just need help with the setup. And I don't want to add every IP that is not allowed and only skip the ones that are allowed as I am running 3 subnets. Thank you!
thanks for the amazing videos . keep the good work , can you make a video about how to make users with limited quota that gets reseted every day and dynamic band width depending on the usage of the user , also can you explain the meaning of burst speed and how can be used , thanks a lot .
Hi there,please make a tutorial video about, how we can block port scanner on microtik firewall? Nobody try to scan opening port for more security. Thnx
Please make a tutorial video about how we can make a rule on microtik firewall and Block all incoming traffic from outside or internet to our network for more security. Pleaseeee. Thnx
You could use a filter rule on the firewall in wich you tell the router to drop all packets that comes from the MAC you want to block in the interface you want. Would be like this (for http and https traffic): /ip firewall filter add action=drop chain=forward dst-port=80,443 in-interface=ether3 \ src-mac-address=xx:xx:xx:xx:xx:xx If ether3 is in a bridge, you must select the bridge ether3 belongs to. That´s a very simple way, for more specific traffic blocking, you have some amazing videos on this same course. Have a look :)
thanks for the reply guys, what i wanna do is to create and mc address list and create a firewall to filter it, and if i want to another mc address to block , i just add is to mc address list, how do i implement it in the firewall
You can achieve the same by adding to your existing masquerade rule in advanced tab "not in source address list. Simple and easy. Great series!
You are so right, didn't thought of it. Thanks
@@TKSJa So it's a good idea for your next video.
Awesome video! clear, straight to the point, easy to follow! i subscribed! thank you
You're welcome!
I'd rather suggest a whitelist as it easy enough to get a new ip address set via either static or mac address spoofing. But good enough for some basic users/networks, maybe even do an ARP reply only and combination of white list/blocklist, if you say have 1000 users on your network only access local resources creating lists is going to get really tedious.
Maybe script it when say a user, on particular DHCP network, opens google or has dns request for something it auto adds it to an address (block or whatever) list for you :) being dynamic is best for networks, DEV-OPS for networking!...etc. Great series though! keep at it.
Thanks for the suggestions, I will take a look into this method.
very good tutorial Sir
Thank you, that helped a lot.
Thanks, so simple
Tnx for great videos, it helps me a lot.can you create a video on how to allow only certain users to connect through internet..?
Thank you So much Dear
Hi there. I tried your tutorial but it's not completely working. It blocks all internet access from the web browser or torrent downloads, but my skype is still working.
I think some more needs to be done. Maybe separate subnet mask?
Any suggestions?
Thanks, it's help
very helpful
Thank you for this tutorial. I was wondering if you could help with doing it the other way around. I want to block internet for the entire network and only allow certain users. I know its possible, just need help with the setup. And I don't want to add every IP that is not allowed and only skip the ones that are allowed as I am running 3 subnets. Thank you!
thanks for the amazing videos . keep the good work , can you make a video about how to make users with limited quota that gets reseted every day and dynamic band width depending on the usage of the user , also can you explain the meaning of burst speed and how can be used , thanks a lot .
I will add it my list.
Thank you sir for this video.
I want to know if the blocked user can have access to the Server which is hosted in the local netwok
very good video thx
Ur welcome
Hello, but do you not think a device is best to be blocked by its MAC address since the IP address can be changed?
Great video Champ! Thank you! Please tell how does one cuts down the bandwidth instead of blocking completely.
queues. Look it up, dont be lazy
@@Dasgath Yeah, I need that too. I tried basic queue, sometimes its working, sometimes is not.
You add the IP of the device in a queue. then choose the bandwidth you want them to have.
Is there a way to Block INTERNET for specific DEVICES by their MAC Address?
Nice!!!
Ur welcome
@tksja please i would like to know how to block specific websites for specific users on my network
i have question could you please tell me how to block user using Active host name..? because some users use Mac-changer software to bypass firerule
Hi there,please make a tutorial video about, how we can block port scanner on microtik firewall? Nobody try to scan opening port for more security. Thnx
hi sir what if in voucher code what code do we use for blocking accessing our wifi
Dear Sir, I want to browsing history using mikrotik router, is it possible?
hellow,,, how do you block mac add from entering you router from your ISP
Please make a tutorial video about how we can make a rule on microtik firewall and Block all incoming traffic from outside or internet to our network for more security. Pleaseeee. Thnx
Please share a video- How to block internet access by Mangle rules ?
Hi,
Are you planning to do a video on Mikrotik scripting language ?
Thanks for the videos!!!!
Not really but I add it to my list.
i cant see users ip adres ( they are using mobile phone and they are using my interent) Leases is emty . How can i see them ? please help me
And when they change their IP address this wont work. Always block by the MAC address , not by the IP.
How to block mac address.
how to block user on specific ether. I want to block user by mac on ether 3.
You could use a filter rule on the firewall in wich you tell the router to drop all packets that comes from the MAC you want to block in the interface you want. Would be like this (for http and https traffic):
/ip firewall filter
add action=drop chain=forward dst-port=80,443 in-interface=ether3 \
src-mac-address=xx:xx:xx:xx:xx:xx
If ether3 is in a bridge, you must select the bridge ether3 belongs to. That´s a very simple way, for more specific traffic blocking, you have some amazing videos on this same course. Have a look :)
very helpful video
sir please tell me how i can block pppoe user automatically when he rech time limit
Hi rizwan tell me how can block some one use WiFi I mean hack my WiFi
How do i unblock my mac address from my mikrotik winbox
Disable user an ARP protocol plus Replay Only on Interface
can i create also a list of mc address and blocked it? how im going to do it?
VLAN
In dhcp lease, you can see mac address.
thanks for the reply guys, what i wanna do is to create and mc address list and create a firewall to filter it, and if i want to another mc address to block , i just add is to mc address list, how do i
implement it in the firewall
@@jimmyesmeres5831 Did you figure out how to do this?
how can i block a pool ?
trying to block psiphon users like this its not working
bad idea, block use list in forward, because if you have any subnet or vpn, block this too, good idea use mark connection in postrouting
How do unblock
the title should be: how to block user from internet by ip address
Noted