Create a firewall address list of all known good subnets.
Create a forwarding rule in your firewall to accept known good subnets to forward from customer side to WAN side.
Create a forwarding rule to drop everything else coming from customer side to WAN side.

# The list name in the accept rule must match the address-list name exactly
/ip firewall address-list add list="customer" address="x.x.x.x/x"
/ip firewall address-list add list="customer" address="y.y.y.y/y"
/ip firewall filter add chain=forward src-address-list="customer" in-interface="LAN" out-interface="WAN" action="accept"
/ip firewall filter add chain=forward in-interface="LAN" out-interface="WAN" action="drop"

You could start with a logging rule for unknown traffic first and
watch for what pops up.


-Rob


On Mon, Feb 27, 2017 at 2:18 PM, That One Guy /sarcasm
<thatoneguyst...@gmail.com> wrote:
> I'm mainly looking for IP space that shouldn't be present, DHCP or not.
> I can packet sniff and exclude all configured subnets on that bridge, but
> it's a pain.
> I didn't know if there was an ARP monitor or something along those lines,
> collecting gratuitous ARPs or something like that.
>
>
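
Added example, not part of the original thread: one way to work through the output of the "log first" approach suggested above, grouping logged sources that fall outside the known good subnets by /24 and source MAC. The log line layout, the "unknown-src" prefix, the subnets, the sample lines and the function name are all assumptions constructed for illustration; adjust the pattern to match your own log export.

```python
import ipaddress
import re
from collections import defaultdict

# Known good subnets (constructed; these mirror the "customer" address list).
KNOWN_GOOD = [ipaddress.ip_network(n) for n in ("10.10.0.0/22", "100.64.8.0/24")]

# Assumed layout of a forward-chain firewall log line: interfaces, src-mac, then src->dst.
LINE_RE = re.compile(
    r"in:\S+ out:[^,\s]+,.*?src-mac (?P<mac>[0-9A-Fa-f:]{17}),.*?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?->"
)

# Constructed sample log lines (not captured from a real router).
SAMPLE_LOG = """\
unknown-src forward: in:LAN out:WAN, src-mac 4C:5E:0C:11:22:33, proto UDP, 192.168.1.50:5353->198.51.100.10:53, len 70
unknown-src forward: in:LAN out:WAN, src-mac 4C:5E:0C:11:22:33, proto TCP (SYN), 192.168.1.50:50112->198.51.100.10:443, len 60
unknown-src forward: in:LAN out:WAN, src-mac 64:D1:54:0A:0B:0C, proto TCP (SYN), 10.10.1.20:40022->198.51.100.10:443, len 60
unknown-src forward: in:LAN out:WAN, src-mac 00:0C:42:AA:BB:CC, proto ICMP (type 8, code 0), 172.16.5.9->198.51.100.20, len 84
unknown-src forward: in:LAN out:WAN, src-mac d4:ca:6d:01:02:03, proto UDP, 192.168.1.77:123->198.51.100.30:123, len 76
dhcp,info dhcp1 assigned 10.10.1.20 to 64:D1:54:0A:0B:0C
"""

def unknown_sources(log_text, known=KNOWN_GOOD):
    """Return {covering /24: {(src_ip, src_mac): packet_count}} for sources outside `known`."""
    found = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a firewall log line in the assumed layout
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # digits that looked like an address but are not one
        if any(src in net for net in known):
            continue  # configured subnet, nothing to report
        bucket = ipaddress.ip_network(f"{src}/24", strict=False)
        found[str(bucket)][(str(src), m["mac"].upper())] += 1
    return {subnet: dict(hosts) for subnet, hosts in found.items()}

if __name__ == "__main__":
    for subnet, hosts in sorted(unknown_sources(SAMPLE_LOG).items()):
        print(subnet)
        for (ip, mac), count in sorted(hosts.items()):
            print(f"  {ip}  {mac}  {count} packet(s)")
```

The source MAC in each group is the starting point for locating the device on the bridge.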
