Tiernan's Comms Closet

October 11, 2012

RouterOS Blocking Machine access to all but one IP

So, i have a machine on my network, which should be only connecting to the internet though a VPN. I needed to tell my RouterOS box to block all access, except to this said IP address… The following should do the trick… YMMV

this will drop any packets from the srcaddress (IP address) that are not for destination dstaddress (IP address). in my case, dstaddress is the VPN server i want to connect to. So, in theory, all packets should just go though the VPN and not leak out in to the rest of the network… again, still testing this so be careful!