On Mon, 2011-11-28 at 23:27 -0500, Josh Luthman wrote:
> Does anyone have this handy and tested to confirm it is working?  I'm
> looking for rules that would be used on the customer CPE when
> bridged/wds.

In this example, ether1 is the physical port connecting to the customer.
Modify as needed.

/interface bridge filter
add action=drop chain=forward disabled=no \
    dst-port=68 in-interface=ether1 \
    ip-protocol=udp mac-protocol=ip src-port=67

This would drop a DHCPOFFER packet originating on the ether1 (customer)
side of the bridge.  You wouldn't have to have more than this to prevent
a customer's DHCP server from exiting their CPE onto the larger network.

-- 
********************************************************************
* Butch Evans                * Professional Network Consultation   *
* http://www.butchevans.com/ * Network Engineering                 *
* http://store.wispgear.net/ * Wired or Wireless Networks          *
* http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!    *
*          NOTE THE NEW PHONE NUMBER: 702-537-0979                 *
********************************************************************



_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
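
The following is an added example, not part of the original post and not RouterOS code: a Python model of the match conditions in the bridge filter rule above, run over constructed frames. It shows that the rule matches on ports rather than DHCP message type, so any server-to-client reply entering on ether1 is dropped while client requests pass. Assumptions: the interface name wlan1, the addresses, and the model's comparison of the outer EtherType only (so an 802.1Q-tagged frame is not seen as mac-protocol=ip).

```python
import struct

ETH_IP, ETH_VLAN, IPPROTO_UDP = 0x0800, 0x8100, 17

def build_frame(sport, dport, vlan=None):
    """Constructed Ethernet/IPv4/UDP frame with an empty payload (sample data)."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes([192, 168, 88, 1]), b"\xff" * 4)
    tag = b"" if vlan is None else struct.pack("!HH", ETH_VLAN, vlan)
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + tag + struct.pack("!H", ETH_IP)
    return eth + ip + udp

def rule_drops(frame, in_interface):
    """Model of: in-interface=ether1 mac-protocol=ip ip-protocol=udp
    src-port=67 dst-port=68 action=drop. Every condition must match."""
    if in_interface != "ether1":
        return False
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_IP:            # outer EtherType only (model assumption)
        return False
    ihl = (frame[14] & 0x0F) * 4       # IPv4 header length in bytes
    if frame[14 + 9] != IPPROTO_UDP:   # protocol field of the IPv4 header
        return False
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return (sport, dport) == (67, 68)  # DHCP server port -> DHCP client port

def verdicts():
    """Run the model over four constructed cases; True means dropped."""
    return {
        "server reply entering on ether1": rule_drops(build_frame(67, 68), "ether1"),
        "client request entering on ether1": rule_drops(build_frame(68, 67), "ether1"),
        # wlan1 is a hypothetical name for the network-facing interface
        "server reply entering on wlan1": rule_drops(build_frame(67, 68), "wlan1"),
        "tagged server reply on ether1": rule_drops(build_frame(67, 68, vlan=10), "ether1"),
    }

if __name__ == "__main__":
    for name, dropped in verdicts().items():
        print(f"{'DROP' if dropped else 'pass':4}  {name}")
```

If the customer port carries tagged traffic, check on the device whether the rule still matches before relying on it.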
