Re: [Mikrotik] Blocking DHCP

Tue, 25 Mar 2008 16:54:45 -0500 (CDT)

I really don't think this is possible. Once an interface is made part of a bridge it stops being it's own unique device and starts being part of a whole. You can't effect one part of the bridge without the other. The only possible way to attempt it is to use the V3.0 with this setting: 

/interface bridge settings set use-ip-firewall=yes

Then to setup an input rule:
/ip firewall filter chain=input protocol=udp dst-port=67 in-interface=ether1 action=drop
But I don't think this would work in the instance of a bridge. If it wasn't bridged it would cause the ethernet interface to ignore all DHCP requests. 

Regards,

Paul


Lanham Rattan wrote:

The MT is the DHCP.

I assumed that the DHCP server would "listen" only on the interface it is
configured.  The ip firewall rule does nothing, in fact I cannot get the ip
firewall to log any packets.

 > -----Original Message-----
 > From: [EMAIL PROTECTED]
 > [mailto:[EMAIL PROTECTED] Behalf Of Kevin Neal
 > Sent: Tuesday, March 25, 2008 9:15 AM
 > To: 'Mikrotik discussions'
 > Subject: Re: [Mikrotik] Blocking DHCP
 >
 >
 > Is the Mikrotik your DHCP server?
 >
 > If so then you could put a firewall rule in your output chain.
 >
 > /ip firewall filter add chain=output protocol=udp dst-port=67-68
 > out-interface=ether1 action=drop
 >
 > Kevin Neal
 >
 >
 >
 > -----Original Message-----
 > From: [EMAIL PROTECTED]
 > [mailto:[EMAIL PROTECTED] On Behalf Of Lanham Rattan
 > Sent: Tuesday, March 25, 2008 8:57 AM
 > To: Mikrotik discussions
 > Subject: [Mikrotik] Blocking DHCP
 >
 > Can I bridge eth1 and eth2, provide DHCP on eth2 and block DHCP
 > traffic on
 > eth1?
 >
 > _______________________________________________
 > Mikrotik mailing list
 > Mikrotik@mail.butchevans.com
 > http://www.butchevans.com/mailman/listinfo/mikrotik
 >
 > _______________________________________________
 > Mikrotik mailing list
 > Mikrotik@mail.butchevans.com
 > http://www.butchevans.com/mailman/listinfo/mikrotik

_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Reply via email to