To configure a MikroTik router to allow only specific devices with assigned static IP addresses to access the internet, you can create a script that assigns static IP addresses to clients and only allows internet access to clients with assigned IPs. Below is an example script that you can use as a starting point:
# Script to configure MikroTik router for clients with static IP addresses
# Define variables
:local admin_ip “192.168.100.1” # Admin’s IP address
:local allowed_clients (“192.168.100.2”, “192.168.100.3”) # List of allowed client IPs
# Remove existing DHCP server configuration
/ip dhcp-server remove [find]
# Configure static IP addresses for clients
/ip address
add address=192.168.100.2/24 interface=bridge network=192.168.100.0
add address=192.168.100.3/24 interface=bridge network=192.168.100.0
# Configure firewall rules to allow internet access only for allowed clients
/ip firewall filter
add chain=input connection-state=established,related comment=”Allow established and related connections”
add chain=input src-address=$admin_ip comment=”Allow admin access from the specified IP”
add chain=input action=drop comment=”Drop all other incoming traffic”add chain=output connection-state=established,related comment=”Allow established and related connections”
add chain=output action=drop comment=”Drop all outgoing traffic by default”add chain=forward connection-state=established,related comment=”Allow established and related connections”
add chain=forward src-address-list=allowed_clients action=accept comment=”Allow internet access for allowed clients”
add chain=forward action=drop comment=”Drop all other forwarded traffic”
# Add allowed client IPs to the address list
/ip firewall address-list
add list=allowed_clients address=192.168.100.2
add list=allowed_clients address=192.168.100.3
This script performs the following actions:
- Removes any existing DHCP server configuration.
- Configures static IP addresses for clients in the
192.168.100.0/24subnet. - Sets up firewall rules to allow established and related connections, allow admin access from a specified IP (
$admin_ip), and drop all other incoming and outgoing traffic by default. - Allows internet access for clients listed in the
allowed_clientsaddress list and drops all other forwarded traffic. - Adds the allowed client IPs to the
allowed_clientsaddress list.
Please make sure to modify the script according to your specific requirements and network setup. Additionally, test the script in a controlled environment before deploying it to ensure it meets your needs without causing disruptions.
