1

I have two computers in a LAN network.

I want to block ping requests from one to another (firewall testing).

There's no other filter rules.

I tried to add this

/ip firewall filter add action=drop chain=forward protocol=icmp

and this

/ip firewall filter add action=drop chain=input protocol=icmp

and even this

/ip firewall filter add action=drop chain=output protocol=icmp

but I can still ping one PC from another.

What am I doing wrong? Thanks for any help.

0

3 Answers

2

Input = packets directed TO the RB

Output = packets going OUT from RB

So, for your case, forget the input and output chains.

Please make sure that your two computers are passing through the RB. Otherwise the forward chain is not applicable. If your two computers are connected to a switch or hub, and you connected the hub to your RB, it will not work because the computers are communicating directly.

If it is the case, connect your computers to your RB and the forward rule will work.
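The chain logic described in this answer, as an added Python sketch that is not part of the original answers: it models which filter chain sees a packet and whether a set of ICMP drop rules would match it. The function names, the tuple rule format and all addresses are constructed for illustration, and the model assumes that hosts in the same subnet talk to each other directly at layer 2.

```python
import ipaddress

def chain_for(src, dst, router_ifaces):
    """Return the filter chain that sees src -> dst, or None if the
    packet never reaches the router's IP firewall (simplified model)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    ifaces = [ipaddress.ip_interface(i) for i in router_ifaces]
    router_ips = {i.ip for i in ifaces}
    if d in router_ips:
        return "input"    # packet addressed TO the router
    if s in router_ips:
        return "output"   # packet generated BY the router
    for i in ifaces:
        # Same subnet: the hosts ARP for each other and are switched,
        # so the packet is never routed and no chain sees it.
        if s in i.network and d in i.network:
            return None
    return "forward"      # routed THROUGH the router

def icmp_dropped(src, dst, router_ifaces, rules):
    """rules: (chain, src_net or None, dst_net or None) ICMP drop rules."""
    chain = chain_for(src, dst, router_ifaces)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_chain, src_net, dst_net in rules:
        if rule_chain != chain:
            continue
        if src_net and s not in ipaddress.ip_network(src_net):
            continue
        if dst_net and d not in ipaddress.ip_network(dst_net):
            continue
        return True
    return False

# Constructed sample: a router with two routed subnets.
ROUTER = ["192.168.1.1/24", "192.168.2.1/24"]
# The three unrestricted rules tried in the question.
QUESTION_RULES = [("forward", None, None), ("input", None, None),
                  ("output", None, None)]

if __name__ == "__main__":
    cases = [("192.168.1.10", "192.168.1.20"),   # same subnet, switched
             ("192.168.1.10", "192.168.2.20"),   # routed between subnets
             ("192.168.1.10", "192.168.1.1")]    # ping to the router itself
    for src, dst in cases:
        print(src, "->", dst, "chain:", chain_for(src, dst, ROUTER),
              "dropped:", icmp_dropped(src, dst, ROUTER, QUESTION_RULES))
```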

0

/ip firewall filter add action=drop chain=input dst-address=192.168.1.1

(this should be the IP you want to discard the ping on)

1
  • Please explain your answer.
    – Biswapriyo
    Commented Mar 21, 2019 at 20:52
0

The command you want is

/ip firewall filter add action=drop chain=forward protocol=icmp dst-address=NW_IP/netmask

with NW_IP being the network IP, so that all the ICMP packets inside the network will be dropped. If you also want to drop the ICMP coming from your network and going out (e.g. ping 8.8.8.8), you need to use

/ip firewall filter add action=drop chain=forward protocol=icmp src-address=NW_IP/netmask
