On the host 192.168.88.55 I have a website hanging (listening to port 80). Now I want to block access to this host on port 80 .

Created a rule

 ip firewall filter> add chain=forward dst-address=192.168.88.55 protocol=tcp dst-port=80 action=drop

but it did not work - the site still opens when you enter (any machine on the network) 195.168.88.55:80 in the browser.

What's wrong?

  • The site opens from the internal network (from LAN) or from the external (Internet)? - user194374
  • @kff, from the inside. - Adam
  • Traffic that does not go beyond the internal network goes through the switch built into Mikrotik and the routing functions are not used. The firewall works only with routing, i.e. when transferring traffic between different networks. - user194374
  • @kff, that is, to implement port blocking, do I need using already software сетевых сканеров like KIS ? In fact, I need to block this port only from some network machines. - Adam
  • one
    Yes. Only KIS is not a scanner, but an antivirus + firewall. And this can be done without KIS. The necessary functionality is present even in the standard Windows firewall. - user194374

0