To prevent users outside the local network from using local IP addresses, take the following steps:

Rule jump target

1. Create the jump target rules
/ip firewall filter
add chain=input src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked
add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked
add chain=output src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked

 

2. Create the list of IP addresses that are allowed through the firewall

/ip firewall address-list
add address=192.168.1.1 comment="" disabled=no list=klien
add address=192.168.1.2 comment="" disabled=no list=klien
add address=192.168.1.3 comment="" disabled=no list=klien
add address=192.168.1.4 comment="" disabled=no list=klien
add address=192.168.1.5 comment="" disabled=no list=klien

 

3. Add firewall filter rules that grant access to the registered IP addresses

/ip firewall filter
add chain=blocked protocol=udp src-address-list=klien action=accept
add chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=klien action=accept
add chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-address-list=klien action=accept

 

4. Add rules that block every IP address other than the registered ones

/ip firewall filter
add chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=!klien action=add-src-to-address-list address-list=src-not-whitelist address-list-timeout=1d
add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=!klien action=drop
add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-address-list=!klien action=drop

 

When applying this, adjust the rules to fit your needs.
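To check what the four steps do to a given packet before loading them on a router, the following added example (not part of the original page, and not MikroTik code) models the rule traversal in Python. It assumes the filter table was empty beforehand so the rules sit in the order shown, that add-src-to-address-list passes the packet on to the next rule, that the end of the blocked chain returns to the calling chain, and that built-in chains accept by default; the function names and the 203.0.113.x and 192.168.1.254 addresses are constructed for illustration.

```python
KLIEN = {f"192.168.1.{i}" for i in range(1, 6)}  # address list from step 2

# Rules in the order the page adds them (assumes an otherwise empty table).
# "src"/"dst" model the address-list matcher: True = klien, False = !klien.
RULES = [
    {"chain": "input", "action": "jump"},
    {"chain": "forward", "action": "jump"},
    {"chain": "output", "action": "jump"},
    {"chain": "blocked", "proto": "udp", "src": True, "action": "accept"},
    {"chain": "blocked", "src": True, "action": "accept"},
    {"chain": "blocked", "dst": True, "action": "accept"},
    {"chain": "blocked", "src": False, "action": "log-src"},  # add-src-to-address-list
    {"chain": "forward", "src": False, "action": "drop"},
    {"chain": "forward", "dst": False, "action": "drop"},
]

def matches(rule, pkt):
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "src" in rule and (pkt["src"] in KLIEN) != rule["src"]:
        return False
    if "dst" in rule and (pkt["dst"] in KLIEN) != rule["dst"]:
        return False
    return True

def walk(chain, pkt, logged):
    """Return 'accept', 'drop', or None if the chain ends without a verdict."""
    for rule in (r for r in RULES if r["chain"] == chain):
        if not matches(rule, pkt):
            continue
        if rule["action"] == "jump":
            verdict = walk("blocked", pkt, logged)
            if verdict:
                return verdict  # otherwise: return to the calling chain
        elif rule["action"] == "log-src":
            logged.add(pkt["src"])  # non-terminating, evaluation continues
        else:
            return rule["action"]
    return None

def evaluate(chain, src, dst, proto="tcp"):
    """Verdict plus the sources that would land in src-not-whitelist."""
    logged = set()
    verdict = walk(chain, {"src": src, "dst": dst, "proto": proto}, logged)
    return verdict or "accept", logged  # built-in chains default to accept
```

In this model a non-listed source that reaches the router itself on the input chain is recorded in src-not-whitelist but still accepted, because the drop rules from step 4 exist only in the forward chain.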