IP->Firewall can't make a rule to match ARP, but a bridge->Filter can. You can't match IPs if you select "ARP" as the layer2 protocol to match, but there might be another way to make it work. Maybe match broadcast destinations and add a packet mark, then follow up with an IP->Firewall rule using that packet mark as a classifier and either content or src IP... I don't know if that would work, but it's what I would try.

Alternately, in IP->Firewall you could match Src MAC addresses. I'd imagine "real" traffic has to come in an ethernet frame from your default gateway's MAC address. That might fail if for any reason that MAC address changes, so I'd be a little afraid of this. Pretty sure it would work though.

-----Original Message-----
From: AF <af-boun...@af.afmug.com> On Behalf Of Nate Burke
Sent: Thursday, December 08, 2022 12:59 PM
To: Animal Farm <af@af.afmug.com>
Subject: [AFMUG] Broadcast/ARP traffic on a CMTS Plant

I work with a Business WOW!/Astound connection on Coax. I see about 400-500kb/s ~800pps continuous of Broadcast ARP Traffic coming in the connection. That's not normal, is it? Basically, ARP Requests for every IP address on the Cable plant. Shouldn't the cable modem be filtering those, even if it is in bridge mode?

The Mikrotik seems to be handling them fine, but I have a Grandstream PBX on a public IP Address, and I think that the volume may be causing it problems. Is there a way in the mikrotik to filter any ARP that is not part of my /29 subnet?

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
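
The filtering decision asked about in the thread ("any ARP that is not part of my /29"), modeled in Python as an added example that is not part of the original messages and is not RouterOS configuration. The /29 (`203.0.113.8/29`), the MAC address and the sample frames are constructed placeholders; the rule used here (keep ARP only when its target IP is inside the local subnet) is one assumed reading of the request.

```python
import ipaddress
import struct
from collections import Counter

ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100
LOCAL_NET = ipaddress.ip_network("203.0.113.8/29")  # placeholder /29, not from the thread

def build_arp_request(src_mac, src_ip, target_ip):
    """Build a constructed broadcast ARP request (Ethernet/IPv4) for the samples."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # htype, ptype, hlen, plen, oper
    arp += src_mac + ipaddress.ip_address(src_ip).packed
    arp += b"\x00" * 6 + ipaddress.ip_address(target_ip).packed
    return eth + arp

def classify(frame, local_net=LOCAL_NET):
    """'pass' for non-ARP, 'accept' for ARP targeting local_net, otherwise 'drop'."""
    if len(frame) < 14:
        return "drop"  # shorter than an Ethernet header
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:  # skip one 802.1Q tag
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype != ETHERTYPE_ARP:
        return "pass"  # not ARP: leave it to the IP firewall
    arp = frame[offset + 2:]
    if len(arp) < 28:
        return "drop"  # truncated ARP payload
    htype, ptype, hlen, plen, _oper = struct.unpack_from("!HHBBH", arp)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return "drop"  # not Ethernet/IPv4 ARP
    target_ip = ipaddress.ip_address(arp[24:28])  # target protocol address field
    return "accept" if target_ip in local_net else "drop"

def summarize(frames, local_net=LOCAL_NET):
    """Count filter decisions over an iterable of raw frames."""
    return Counter(classify(f, local_net) for f in frames)

# Constructed sample frames (MAC and addresses are made up for illustration).
PLANT_MAC = bytes.fromhex("020000000001")
SAMPLE_FRAMES = [
    build_arp_request(PLANT_MAC, "203.0.113.9", "203.0.113.10"),    # inside the /29
    build_arp_request(PLANT_MAC, "198.51.100.1", "198.51.100.77"),  # plant noise
    build_arp_request(PLANT_MAC, "198.51.100.1", "198.51.100.78")[:30],  # truncated
    b"\xff" * 6 + PLANT_MAC + struct.pack("!H", 0x0800) + b"\x00" * 20,  # IPv4, not ARP
]
```

Running `summarize` over a packet capture from the WAN port gives a quick estimate of how much of the broadcast load such a rule would remove before committing it to the router.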