Well, it depends on what you’re trying to do. If you’re trying to block DHCP packets from a specific device, then yes, define the source specifically. Otherwise, leave it open.
I’d try ‘dst port 68,’ myself.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ty Featherling via Af
Sent: Tuesday, September 30, 2014 12:03 PM
To: af@afmug.com
Subject: Re: [AFMUG] 320SM drop dhcp with firewall

Should I define the source address? I often see DHCP server packets with source of 192.168.1.1 or others. For instance in this case the packets the Mikrotik is catching look like this:

forward: in:bridgeWAN(ether5) out:bridgeWAN(sfp1), src-mac 00:16:b6:85:26:b8, proto UDP, 192.168.1.1:67->255.255.255.255:68, len 328

-Ty

On Tue, Sep 30, 2014 at 10:59 AM, Eric Muehleisen via Af <af@afmug.com> wrote:

Have you tried adding the src=0.0.0.0, dst=255.255.255.255 ?

On Tue, Sep 30, 2014 at 10:51 AM, Ty Featherling via Af <af@afmug.com> wrote:

Any reason this wouldn't catch DHCP server traffic from the customer? I just tried it and the packets are still hitting the firewall on the tower router.

-Ty
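The match criteria proposed in this thread can be checked against the logged packet before touching the SM. The following is an added example, not code from any poster or from the 320SM or MikroTik software: it parses the MikroTik log line quoted above and evaluates each candidate filter. The rule dictionaries are a hypothetical model of the criteria (not 320SM syntax), and the second log line is constructed to represent a client broadcast.

```python
import re
from ipaddress import ip_address

# Log line quoted in the thread: a DHCP server reply from the customer side.
THREAD_LINE = ("forward: in:bridgeWAN(ether5) out:bridgeWAN(sfp1), "
               "src-mac 00:16:b6:85:26:b8, proto UDP, "
               "192.168.1.1:67->255.255.255.255:68, len 328")
# Constructed sample: a DHCP client broadcast (documentation-range MAC).
CLIENT_LINE = ("forward: in:bridgeWAN(ether5) out:bridgeWAN(sfp1), "
               "src-mac 00:00:5e:00:53:01, proto UDP, "
               "0.0.0.0:68->255.255.255.255:67, len 328")

PKT_RE = re.compile(
    r"src-mac (?P<mac>[0-9a-f:]{17}), proto (?P<proto>\w+), "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)", re.I)

# Hypothetical model of each candidate filter; absent fields are wildcards.
RULES = {
    "src=0.0.0.0, dst=255.255.255.255":
        {"proto": "UDP", "src": "0.0.0.0", "dst": "255.255.255.255"},
    "dst port 68": {"proto": "UDP", "dport": 68},
}

def parse(line):
    """Extract the fields a filter can match on; None if the line has no packet."""
    m = PKT_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {"mac": d["mac"].lower(), "proto": d["proto"].upper(),
            "src": ip_address(d["src"]), "dst": ip_address(d["dst"]),
            "sport": int(d["sport"]), "dport": int(d["dport"])}

def matches(rule, pkt):
    """True when every field the rule names equals the packet's value."""
    for field, value in rule.items():
        want = ip_address(value) if field in ("src", "dst") else value
        if pkt[field] != want:
            return False
    return True

def evaluate(line):
    """Map each candidate rule name to whether it would match this log line."""
    pkt = parse(line)
    if pkt is None:
        return None
    return {name: matches(rule, pkt) for name, rule in RULES.items()}

if __name__ == "__main__":
    for label, line in (("thread", THREAD_LINE), ("client", CLIENT_LINE)):
        print(label, evaluate(line))
```

For the packet in the thread, only the port-based rule matches; the address-based rule matches the constructed client broadcast instead, because a server reply carries the server's own source address.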