Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 9 of 9
  1. #1
    Status
    Offline
    donz's Avatar
    Baru Gabung
    Join Date
    Jun 2010
    Location
    Bandung
    Posts
    12
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Block internet client dengan reject firewall rule

    Selamat sore agan2 master sekalian,

    Numpang tanya lagi, rencanaya saya mau block akses internet client pakai settingan berikut :
    chain : forward
    out. interface : wan
    action : reject
    reject with : icmp network unreachable
    Pas saya eksekusi, otomatis semua client ke block internetnya, nah kalau saya mau daftarin beberapa client saja (pakai ip atau mac)
    yang bisa akses internet, itu rule nya gimana ya . . .

  2. #2
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bisa pakai opsi src-mac-address, src-address-list, atau src-address
    Gunakan FreeRadius sebagai pengganti user manager

  3. #3
    Status
    Offline
    donz's Avatar
    Baru Gabung
    Join Date
    Jun 2010
    Location
    Bandung
    Posts
    12
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    saya sudah coba pakai ketiganya itu, out.interface nya : wan dan action : accept, tapi tetep aja semua clientnya ke blok internetnya
    Last edited by donz; 05-04-2013 at 21:29.

  4. #4
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by donz Click here to enlarge
    saya sudah coba pakai ketiganya itu, out.interface nya : wan dan action : accept, tapi tetep aja semua clientnya ke blok internetnya
    rule firewall di eksekusi dari atas ke bawah. untuk di evaluasi, paste disini rule firewall router dengan perintah
    /ip fi fi print
    Gunakan FreeRadius sebagai pengganti user manager

  5. #5
    Status
    Offline
    jeffry christopher's Avatar
    Newbie
    Join Date
    Mar 2012
    Location
    Kota Medan, Indonesia
    Posts
    68
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by donz Click here to enlarge
    Selamat sore agan2 master sekalian,

    Numpang tanya lagi, rencanaya saya mau block akses internet client pakai settingan berikut :
    chain : forward
    out. interface : wan
    action : reject
    reject with : icmp network unreachable
    Pas saya eksekusi, otomatis semua client ke block internetnya, nah kalau saya mau daftarin beberapa client saja (pakai ip atau mac)
    yang bisa akses internet, itu rule nya gimana ya . . .
    Daftar kan IP nya di /ip firewall address list gan..
    buat ip yg mau di bikin gak bisa internet..
    contoh nya :
    /ip firewall address list > add address=192.168.1.2 disabled=no list=block
    add address=192.168.1.3 disabled=no list=block
    add address=192.168.1.4 disabled=no list=block
    baru buat firewall nya :
    /ip firewall filter >
    add action=drop chain=forward disabled=no src-address-list=block

    CMIIW

  6. #6
    Status
    Offline
    donz's Avatar
    Baru Gabung
    Join Date
    Jun 2010
    Location
    Bandung
    Posts
    12
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ini gan rule firewall nya :

    0 ;;; Deny from all to all
    chain=forward action=reject reject-with=icmp-network-unreachable out-interface=ether1-gateway

    1 ;;; Allow Internet Access
    chain=forward action=accept protocol=tcp src-address=10.1.1.14 out-interface=ether1-gateway

  7. #7
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by donz Click here to enlarge
    ini gan rule firewall nya :

    0 ;;; Deny from all to all
    chain=forward action=reject reject-with=icmp-network-unreachable out-interface=ether1-gateway

    1 ;;; Allow Internet Access
    chain=forward action=accept protocol=tcp src-address=10.1.1.14 out-interface=ether1-gateway
    rule nya tinggal dibalik aja. allow dulu sisanya di reject.
    Gunakan FreeRadius sebagai pengganti user manager

  8. #8
    Status
    Offline
    donz's Avatar
    Baru Gabung
    Join Date
    Jun 2010
    Location
    Bandung
    Posts
    12
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Mantaap gan, makasih dah jalan nih.

  9. #9
    Status
    Offline
    bayoe37's Avatar
    Baru Gabung
    Join Date
    May 2015
    Location
    surakarta
    Posts
    16
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by donz Click here to enlarge
    ini gan rule firewall nya :

    0 ;;; Deny from all to all
    chain=forward action=reject reject-with=icmp-network-unreachable out-interface=ether1-gateway

    1 ;;; Allow Internet Access
    chain=forward action=accept protocol=tcp src-address=10.1.1.14 out-interface=ether1-gateway

    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    rule nya tinggal dibalik aja. allow dulu sisanya di reject.
    gan yang out interface=ether1-gateway itu wan atau lokal?

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 10
    Last Post: 17-02-2015, 20:38
  2. [ask] ttg rule firewall filter MT .. benarkah ??
    By earthlink in forum General Networking
    Replies: 6
    Last Post: 04-09-2014, 10:19
  3. Cara block modem usb di kompt client dengan mikrotik
    By roy moto in forum Beginner Basics
    Replies: 4
    Last Post: 05-04-2013, 21:23
  4. [Info] Auto Enable P2P Firewall Rule in certain Time
    By okto_2005 in forum Scripting @ Mikrotik
    Replies: 5
    Last Post: 05-06-2009, 00:46
  5. Tanya Rule di Firewall Buat Blok Kido-ih
    By rj-45 in forum General Networking
    Replies: 5
    Last Post: 01-06-2009, 11:21

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •