Requirements: The device belongs to a third party and is not permitted on the internal system, so for data-security reasons it must be prevented from reaching the external network (Internet) and only needs to exchange traffic with devices on the LAN.
Option 1 (not tested):
Create two rules; their order (priority) matters, as follows:
Option 2 (recommended):
A single combined rule does it, as follows:
Both options require the device's IP address to be statically bound; if the address is assigned dynamically (not static), matching on the MAC address with src-mac-address is recommended instead.
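As an added illustration of the two approaches in RouterOS filter syntax (this is not the page's own Option 1 or Option 2 command listing, which is not reproduced here), assuming a LAN of 192.168.88.0/24, a device with a static lease at 192.168.88.50 and the MAC address AA:BB:CC:DD:EE:FF, all constructed values:

```routeros
# Added example, not the page's own commands. Constructed values:
#   LAN subnet          192.168.88.0/24
#   third-party device  192.168.88.50 (static lease), MAC AA:BB:CC:DD:EE:FF

# Option 1 style: two rules. Order matters: the accept must sit above the drop,
# otherwise the drop rule also discards the device's LAN traffic.
/ip firewall filter add chain=forward src-address=192.168.88.50 dst-address=192.168.88.0/24 action=accept comment="thirdparty: allow LAN"
/ip firewall filter add chain=forward src-address=192.168.88.50 action=drop comment="thirdparty: block everything else (Internet)"

# Option 2 style: one rule. Drop anything from the device whose destination is
# NOT the LAN subnet; the leading "!" negates the address match.
/ip firewall filter add chain=forward src-address=192.168.88.50 dst-address=!192.168.88.0/24 action=drop comment="thirdparty: LAN only"

# If the device gets a dynamic address, match its MAC instead of its IP.
/ip firewall filter add chain=forward src-mac-address=AA:BB:CC:DD:EE:FF dst-address=!192.168.88.0/24 action=drop comment="thirdparty: LAN only (by MAC)"

# Check placement: the rules must come before any generic forward accept rule
# (for example the default accept of established/related traffic and the
# LAN-to-WAN accept), or the device's traffic is accepted before it reaches them.
/ip firewall filter print where comment~"thirdparty"
```

Use only one of the two styles. If a rule lands below a generic accept, reorder it with `/ip firewall filter move`, or create it with `place-before=` pointing at the first generic accept rule.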
In RouterOS, when you manually add a firewall rule such as a drop rule to block certain traffic, the rule usually affects only newly established connections. For connections that already exist, RouterOS keeps passing their packets until they are closed or time out naturally.
This is because firewall rules typically act on new connection requests (packets in the new state), while connections that are already established (packets in the established state) are not interrupted immediately. This design keeps the network stable and reliable by avoiding sudden disruption of existing services and applications.
If you want to terminate all already-established connections immediately, you need to intervene manually. For example:
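One way to do this from the RouterOS console, added here as an illustration rather than the page's own command; it assumes the device sits at 192.168.88.50 (constructed value) and that the drop rule is already in place. Clearing the connection-tracking entries works because the existing flows are being let through by an accept rule for established traffic that precedes the drop; once the entries are gone, the next packet of each flow is classified as a new connection and hits the drop rule.

```routeros
# Added example, not the page's own command. Constructed value: device at
# 192.168.88.50. Connection entries store addresses as "ip:port", so the
# regex is anchored at the start and ends with ":" to match the address only.

# Inspect the device's tracked connections first (Internet-bound ones will
# show a dst-address outside the LAN).
/ip firewall connection print where src-address~"^192.168.88.50:"

# Remove them. Each flow's next packet is then evaluated as a new connection
# and dropped by the filter rule; LAN flows simply re-establish.
/ip firewall connection remove [find src-address~"^192.168.88.50:"]
```

Run the print again afterwards: only LAN-to-LAN entries for the device should reappear.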
(End)