There is another set of rules that can be used for blocking customers :
IP 10.0.1.16 is the router’s WAN IP address.
/ip proxy
set enabled=yes
/ip proxy access
add action=allow disabled=no dst-host=10.0.1.6 dst-port=80
add action=deny disabled=no dst-port=80 redirect-to=10.0.1.16/portal/
add action=deny
/ip firewall filter
add action=drop chain=forward comment=“Block All” disabled=yes log-prefix="" src-address-list=Reject_1
add action=accept chain=block comment=“Users need DNS to work” dst-port=53 protocol=udp
add action=accept chain=block comment=“Make port 80 to work” dst-port=80 protocol=tcp
add action=drop chain=block comment="Block everything else for blocked users"
add action=jump chain=forward comment=“Redirect blocked users to the block chain” jump-target=disconnected src-address-list=Reject_1