Managing MikroTik hotspot firewall rules can be tricky: the MikroTik hotspot always ignores mangle rules. If we create a mangle rule for the hotspot and then open the statistics menu, there will be no activity. Since the mangle firewall does not help us manage hotspot traffic for every user, there is one easy way to catch users' traffic: automatically trap their IP addresses in an address list. Once their addresses are trapped, we can apply any rule to them, for example limiting their number of connections.
Test your settings by logging in with a user's login; your IP address should be shown in the Firewall address lists.
At this point, any rule can be applied to all logged-in users, in either the Firewall or the Queue settings. Let's try to limit their number of TCP connections (we used to use this limitation to reduce problems on the hotspot network, i.e. virus traffic that sometimes floods our internet link with thousands of connections from a single computer).
Create a firewall filter rule and set:
There are still many things we can do with this address list through the firewall filter; for example, we can block a specified port number for public hotspot users to prevent virus infection through our network on that port. We have also blocked access to some web addresses for specific users (mostly public) and limited YouTube streaming for specific users. Because many of our public hotspot users are unknown users, we think trapping their addresses is the only way to handle it.
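
The address-list approach described above, written out as RouterOS commands. This is an added example, not the original post's configuration. It assumes the trapping is done with the hotspot user profile's `address-list` property; the profile name `default`, the list name `hotspot-users`, the limit of 50 connections and port 445 are all assumed values.

```routeros
# Added example, not from the original post. Assumed names and values:
# profile "default", list "hotspot-users", limit of 50 connections, port 445.

# 1. Put every logged-in user of this hotspot profile into an address list.
/ip hotspot user profile set [find name="default"] address-list=hotspot-users

# 2. After a test login, the client's address should appear as a dynamic entry.
/ip firewall address-list print where list="hotspot-users"

# 3. Drop new TCP connections (SYN) from any single listed address (/32)
#    once that address already has 50 connections open.
/ip firewall filter add chain=forward src-address-list=hotspot-users \
    protocol=tcp tcp-flags=syn connection-limit=50,32 action=drop \
    comment="hotspot: per-user TCP connection limit"

# 4. Block one TCP port for the same users (445 is only an illustration).
/ip firewall filter add chain=forward src-address-list=hotspot-users \
    protocol=tcp dst-port=445 action=drop \
    comment="hotspot: blocked port"

# 5. Watch the packet counters to confirm the rules match hotspot traffic.
/ip firewall filter print stats where comment~"hotspot:"
```

Filter rules are evaluated in order, so these drop rules must sit above any rule in the forward chain that would accept the same traffic.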