Shulou(Shulou.com)06/01 Report--

This tutorial uses:

IP filtering: For example, some IP is prohibited from accessing the Internet.

External IP filtering: Prohibits access to certain external IPs.

1. IP filtering of intranet: for example, prohibiting certain IP from surfing the Internet

The topology is as follows:

Both machines have Internet access!

Now only 254 machines are allowed to access the Internet, and 253 machines are not allowed to access the Internet.

So how do we operate?

Create a new firewall filtering rule:

Action is discard:

Effect:

PC-1 is accessible without pressure, after all, it has not been intercepted.

Principle analysis:

After the first route, because the source IP and destination IP of the packet coming from the fourth port are not on the router. Forward chains are used to forward and then go out through NAT source addresses. At this point, we intercept the forward chain data in the Fliter table, and we can complete the prohibition of IP Internet access that meets the rules.

So why ping the gateway?

Because the gateway address is in the other direction after the first route, the destination address is on the ROS router.

2. Prohibiting access to certain external IP networks

So, you have to use forward chains.

Suppose I block access to 8.8.8.8 for all IP addresses of 192.168.11.0/24 on the intranet.

We just need to add one new rule.

Action or choose to discard!

test effect

Mikrotik ROS filtering rules can also apply filtering restrictions between routes and between vlans, but we haven't touched on these things yet, so we'll talk about them later.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.