On Tue, 2011-11-29 at 13:47 -0500, Josh Luthman wrote: > /interface bridge filter > add action=log chain=forward comment="log dhcp servers on 192.168/16" \ > disabled=no dst-address=255.255.255.255/32 ip-protocol=udp log-prefix=\ > "blocked dhcp server" mac-protocol=ip src-address=192.168.0.0/16 \ > src-port=67-68 > add action=drop chain=forward comment="drop dhcp servers on 192.168/16" \ > disabled=no dst-address=255.255.255.255/32 ip-protocol=udp mac-protocol=\ > ip src-address=192.168.0.0/16 src-port=67-68 > > /interface bridge settings > set use-ip-firewall=yes
For this filter to work, use-ip-firewall is not needed. Also, you don't have to define the dst-address, but that may have been your intent. I missed the first part of this conversation, so I may have to look back over the thread to see what the original intent was... -- ******************************************************************** * Butch Evans * Professional Network Consultation * * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * * NOTE THE NEW PHONE NUMBER: 702-537-0979 * ******************************************************************** _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
