How do you block IP address in MikroTik?

/ip firewall filter

add action=drop chain=input comment="drop PPTP brute forcers"
in-interface-list=WAN src-address-list=pptp_blacklist_drop

add action=add-dst-to-address-list address-list=pptp_blacklist_drop
address-list-timeout=1w3d1m chain=output content="authentication failed"
dst-address-list=pptp_blacklist_stage2 protocol=gre

add action=add-dst-to-address-list address-list=pptp_blacklist_stage2
address-list-timeout=5m chain=output content="authentication failed"
dst-address-list=pptp_blacklist_stage1 protocol=gre

add action=add-dst-to-address-list address-list=pptp_blacklist_stage1
address-list-timeout=5m chain=output content="authentication failed"
protocol=gre

Obviously, you either need to add your WAN interfaces to WAN interface list to work, or you need to change the rules accordingly.

Mikrotik provides world-class RouterOS firmware loaded with all the best features. There are many popular MikroTik network devices used by telecom operators worldwide. If you are MikroTik router user and you must use Mikrotik CCR series routers to deploy a large and medium-sized network. In an earlier post, we published an article about login Mikrotik routers using winbox and IP address.

If you are an administrator or network operators you must require to block the user and IP addresses in the network for security reasons. If you looking to block IP address in Mikrotik router to block internet access for specific LAN users without blocking local network sharing. This post gives you user manual to block user in MikroTik router using IP address block option.

  • How to setup VPN in Mikrotik Router for Remote Access

If you have any of the MikroTik models from CCR, Mikrotik Base box, Mikrotik RB750 Series and Mikrotik Fiber switch or wireless device belong to Mikrotik will support this user guide. You need to login to MikroTik RouterOS using winbox or web interface to setup a User internet block using IP Address.

Steps to Block User in MikroTik using IP Address

The first steps to access RouterOs settings from Winbox configuration utility.

  • Connect the MikroTik router or wireless device to the computer or laptop LAN ports.
  • Download Winbox latest version from Downloads
  • Default Login IP Address http://192.168.88.1
  • Default username: admin and password is blank for default mode.
  • Login your MikroTik cloud core router, RB450, MikroTik Sxt lite or any models you are using for the internet.
  • Factory Reset of MikroTik Router | 3 Method

Check User IP address provided by DHCP server

To prevent internet access for specific LAN or wifi user you must know the IP address assign to the user from the DHCP server.

You can check all the connected computer and mobile device list with Mac address and allotted IP address list.

Go to IP- DHCP Server

Leases tab

Check the Active host option for the computer or mobile name. see mac address and IP address details for a specific user you want to block.

Note the IP address of mobile or computer you want to restrict internet access.

How do you block IP address in MikroTik?

Create Address List for Block IP Address

The next step to create an address list under firewall options to make blacklist to block internet access for those IP addresses.

Go to IP-Firewall option

Go to the Address List tab.

Press Plus (+) button to create a new firewall address list

New- Block Users

Address: 192.168.88.254 (or any IP address you got from lease assign to user you want to block)

How do you block IP address in MikroTik?

Press Apply and OK button to create a list.

You can create multiple IP addresses under the same block user list to restrict multiple users at the same time to access the internet.

  • MikroTik Hap WiFi Router WISP Mode Configuration

Create Firewall Rules to Block Internet Access

Create new Filter rules to Block client internet access, but allow local access for users added to the block list.

Go to the IP-Firewall option from the left side menu.

Filter Rules tab

1: Press Plus (+) button to make new filter rules.

2: New Firewall Rules –  Go to Advanced Tab first

Select Src. Address list- Block user (or whatever name you have given to Firewall address list)

3: Go to Action tab

Action- Drop

How do you block IP address in MikroTik?

Press Apply and OK button to confirm filter rules.

After creating firewall block rules internet access will block for specific users added to blacklists.

To disable user blacklist just select the rules and press cross (Cross) button to disable temporarily.

How do you block IP address in MikroTik?

This is a simple way to block internet users with IP address blocking for specific LAN and WIFI users in the network.

Making this rules list will not block internal local network sharing and all computers can share data from the network without any problems. This MikroTik router configuration will help you to block unwanted traffic from specific users in the network and prevent any network glitch without disturbing whole networks.

Related Post

  • How to Login Asus router Settings 192.168.1.1
  • How to Check Who is connected to My WiFi
  • 192.168.1.1 | How to login router
  • UBTN Lite Beam M5 Login 192.168.1.20

How do I block a specific IP address?

Block a range of IP addresses.
Go to Clarity > Settings > IP blocking, and select Block IP address..
On the Block IP address screen, make your selections and select Add. Name: Enter a friendly name to identify the range of IP addresses. Block my current IP: Check the box if you want to exclude your IP address..

How do I block an address from my router?

In your router admin panel, click the Advanced tab. From the sidebar, go to Network > Advanced Routing. Under Static Routing, click + Add..
Network Destination: Enter the IP address you wish to block..
Subnet Mask: Enter 255.255. ... .
Default Gateway: Enter 192.168. ... .
Interface: Select LAN..

How do I block access to mikrotik?

Steps to Block Internet Access in Mikrotik.
Select IP menu> Firewall menu item and click on filter rule tab> +..
In this new window select Forward from the dropdown chain menu..
Select the TCP protocol from the Protocol menu..
Select Dst. ... .
Select the Action tab and select the drop menu Action..
Click Apply> OK..

How do I blacklist a device on mikrotik?

On the “Firewall Rule” window, select the tab “General” and set the “chain” to “forward”. IF you want to block MAC, go to “Advanced” tab and add the MAC to the “Scr. MAC Address” field. Then, on the “Action” tab, set the “Action” to “drop”.