Tiernan's Comms Closet

Geek, Programmer, Photographer, network engineer…

RouterOS Blocking Machine access to all but one IP

So, I have a machine on my network, which should be only connecting to the internet through a VPN. I needed to tell my RouterOS box to block all access, except to this said IP address… The following should do the trick… YMMV

This will drop any packets from the srcaddress (IP address) that are not for the destination dstaddress (IP address). In my case, dstaddress is the VPN server I want to connect to. So, in theory, all packets should just go through the VPN and not leak out into the rest of the network… again, still testing this, so be careful!
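A rule of the kind described above, as an added example that is not the author's original configuration. It goes slightly beyond the IPv4 case in the text by also covering IPv6 and by showing how to check that the rule is matching. The addresses, the MAC address and the `vpn-only` comment and log prefix are constructed placeholders, and the router is assumed to already have at least one filter rule.

```routeros
# Added example with constructed values; adjust to your network.
#   192.168.88.50      = the machine that may only reach the VPN server (assumed)
#   203.0.113.10       = the VPN server (assumed, documentation range)
#   AA:BB:CC:DD:EE:FF  = that machine's MAC address (assumed)

/ip firewall filter
# Item numbers used by place-before are only assigned after a print.
print
# Drop forwarded traffic from the host to anything except the VPN server.
# The rule has to sit above any fasttrack or "accept established,related"
# rule, otherwise packets of already-tracked connections never reach it.
add chain=forward action=drop src-address=192.168.88.50 \
    dst-address=!203.0.113.10 log=yes log-prefix="vpn-only" \
    comment="vpn-only: host may only reach the VPN server" place-before=0

# The rule above is IPv4 only. If the LAN also has IPv6, the same host can
# still get out that way, so drop its forwarded IPv6 traffic by MAC address.
/ipv6 firewall filter
add chain=forward action=drop src-mac-address=AA:BB:CC:DD:EE:FF \
    comment="vpn-only: no IPv6 for this host"

# Check: with the VPN disconnected, generate traffic from the host and
# confirm the packet counter of the drop rule increases.
/ip firewall filter print stats where comment~"vpn-only"
```

The forward chain only covers traffic routed through the box; packets addressed to the router itself (for example its DNS resolver) are handled by the input chain and are not affected by these rules.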

