[[---]]
Untuk menghindari user diluar jaringan lokal menggunakan ip lokal, maka dapat diantisipasi dengan langkah2 berikut :
- Buat rule jump target
/ip firewall filteradd chain=input src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blockedadd chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blockedadd chain=output src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked
2. Buat daftar ip yang diijinkan melewati firewall
/ip firewall address-listadd address=192.168.1.1 comment="" disabled=no list=klienadd address=192.168.1.2 comment="" disabled=no list=klienadd address=192.168.1.3 comment="" disabled=no list=klienadd address=192.168.1.4 comment="" disabled=no list=klienadd address=192.168.1.5 comment="" disabled=no list=klien
3. Buat di filter firewall untuk memberi akses pada ip yang sudah terdaftar
/ip firewall filteradd chain=blocked protocol=udp src-address-list=klien action=acceptadd chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=klien action=acceptadd chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-address-list=klien action=accept
4. Buat rule untuk memblokir ip selain yang sudah terdaftar
/ip firewall filteradd chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=!klien action=add-src-to-address-list address-list=src-not-whitelist address-list-timeout=1dadd chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=!klien action=dropadd chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-address-list=!klien action=drop
Untuk aplikasinya silahkan disesuaikan dengan kebutuhan ….