Can't block icmp traffic with Mikrotik

1

I have two computers in lan network.

I want to block ping requests from one to another (firewall testing).

There's no other filter rules.

I tried to add this

/ip firewall filter add action=drop chain=forward protocol=icmp

and this

/ip firewall filter add action=drop chain=input protocol=icmp

and even this

/ip firewall filter add action=drop chain=output protocol=icmp

but still I can ping one pc from another.

What am I doing wrong? Thanks for any help.

user2313320

Posted 2013-11-08T23:15:35.703

Reputation: 11

Answers

2

Input = packets directed TO the RB Output= packets going OUT from RB

so, for your case, forget input and output chains.

Plese make sure if your two computers are passing through the RB. Otherwise the forward chain is not applicable. If your two computers are connected to a switch, or hub, and you connected the hub to your RB, it will not work because the computers are communicating directly.

If it is the case, connect your computers to your RB and the forward rule will work.

Evandroid

Posted 2013-11-08T23:15:35.703

Reputation: 21

0

/ip firewall filter add action=drop chain=input Dst.Address 192.168.1.1(this should be the ip you want to discard the ping on)

theophilus arku-dadzie

Posted 2013-11-08T23:15:35.703

Reputation: 1

Please explain your answer. – Biswapriyo – 2019-03-21T20:52:32.777

0

The command you want is 

/ip firewall filter add action=drop chain=forward protocol=icmp dst-address=NW_IP/netmask

with the NW_IP being the network ip, so that all the ICMP packets inside the network will be dropped. If you want to drop also the ICMP coming from your network and going out (e.g. ping 8.8.8.8 ) you need to use 

/ip firewall filter add action=drop chain=forward protocol=icmp src-address=NW_IP/netmask

pittix

Posted 2013-11-08T23:15:35.703

Reputation: 91

Asked: 2013-11-08T23:15:35.703

Viewed: 3 849 times

Active: 2019-03-21T17:54:42.787