I'm driving out of office, and cant copy paste, but we do it with 1 filter and 1 address list (permited ips)
Martín Ruiz Director técnico 902 909 858 - 669379521 www.ibersystems.es El 06/06/2012, a las 07:20, Josh Luthman <j...@imaginenetworksllc.com> escribió: > I have an insecured wifi (virtual AP) on my home router. I don't mind > people using it. I do want to make it impossible for them to ever > reach anything they shouldn't. If I do a new subnet on ether5 or my > known subnet on ether2 (home LAN). > > I was thinking I could do something like accept > src-address=172.31.31.0/24 dst-address=gateway and then drop > everything else with that src but if it's masqueraded, would that > work? Doesn't seem to, but I haven't tested it thoroughly. > > Any other suggestions or methods to try? > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
