Comprehensive guide to preventing unauthorized net sharing (tethering) and monitoring user activity.
Forcing TTL to 1 ensures packets reaching a client cannot be routed further. If the client shares the connection, the TTL becomes 0 and the packet is dropped.
/ip firewall mangle
add action=change-ttl chain=postrouting comment="Anti-Tethering: Set TTL to 1" \
    new-ttl=set:1 out-interface=[/interface find where name~"hotspot"] \
    passthrough=yes
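Some sharing apps run a local proxy to bypass TTL limits. The rule below drops forwarded TCP traffic to ports these services commonly use. Ports 1080 and 8080 are also used by ordinary SOCKS and HTTP services, so expect some legitimate traffic to be dropped as well.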
/ip firewall filter
add action=drop chain=forward comment="Block NetShare and Proxy Apps" \
    dst-port=8282,7777,1080,8080 protocol=tcp
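The following script monitors active hotspot users. If an IP exceeds 50 concurrent connections, it logs a warning, notifies the admin via email, and removes the user's active session. Store it as a system script named monitor_sharing, the name the scheduler entry below calls.
# Watchdog: flag hotspot users with more than 50 tracked connections.
:foreach i in=[/ip hotspot active find] do={
    :local userIP [/ip hotspot active get $i address];
    :local userName [/ip hotspot active get $i user];
    # Anchor the match. src-address is stored as "ip:port", and an unanchored
    # ~$userIP would let 10.0.0.1 also match 10.0.0.10 and 10.0.0.100.
    # Entries without a port (e.g. ICMP) are not counted.
    :local srcPattern ("^" . $userIP . ":");
    :local connCount [:len [/ip firewall connection find where src-address~$srcPattern]];
    :if ($connCount > 50) do={
        :log warning ("ALARM: User " . $userName . " (" . $userIP . ") sharing detected! Conns: " . $connCount);
        /tool e-mail send to="admin@yourdomain.com" \
            subject="Hotspot Sharing Alert" \
            body=("User: " . $userName . "\nIP: " . $userIP . "\nConnections: " . $connCount);
        # Drop the active session; the user has to log in again.
        /ip hotspot active remove $i;
    }
}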
/system scheduler add interval=1m name=run_watchdog on-event=monitor_sharing start-time=startup
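The watchdog decides who to disconnect from a regex match of each user's IP against the connection table's src-address, so how that match is written determines who gets flagged. The Python model below is an added example, not part of the original guide: it compares an unanchored match with an exact one over a constructed connection table. The user names, addresses and the "ip:port" entry layout are assumptions made for the illustration.

```python
import re

# Constructed connection-table sample. Assumption: src-address is "ip:port"
# for TCP/UDP entries and a bare IP for ICMP entries.
CONNECTIONS = (
    [f"10.5.50.1:{40000 + n}" for n in range(12)]      # alice: light use
    + [f"10.5.50.10:{41000 + n}" for n in range(30)]   # bob: moderate use
    + [f"10.5.50.100:{42000 + n}" for n in range(60)]  # carol: over the limit
    + ["10.5.50.1"]                                    # alice: one ICMP entry
)

# Hypothetical active hotspot sessions (user -> address).
ACTIVE_USERS = {"alice": "10.5.50.1", "bob": "10.5.50.10", "carol": "10.5.50.100"}
THRESHOLD = 50  # same limit as the watchdog script


def count_unanchored(ip, conns):
    """Search for the raw IP: a substring match where '.' is a wildcard."""
    pattern = re.compile(ip)
    return sum(1 for c in conns if pattern.search(c))


def count_exact(ip, conns):
    """Anchor at the start, escape the dots, stop at ':' or end of string."""
    pattern = re.compile("^" + re.escape(ip) + "(:|$)")
    return sum(1 for c in conns if pattern.search(c))


def flagged(counter, users=ACTIVE_USERS, conns=CONNECTIONS, limit=THRESHOLD):
    """Return {user: count} for every session the watchdog would remove."""
    counts = {user: counter(ip, conns) for user, ip in users.items()}
    return {user: n for user, n in counts.items() if n > limit}


if __name__ == "__main__":
    # Unanchored: alice and bob inherit carol's connections and get removed too.
    print("unanchored:", flagged(count_unanchored))
    # Exact: only carol, the one user really above the limit, is flagged.
    print("exact:     ", flagged(count_exact))
```

With the unanchored match, users whose address is a prefix of a busier neighbour's address are disconnected and reported by email even though their own connection count is far below the limit.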
/tool e-mail for alerts to work.
System > Resources.