On Mon, 2011-11-28 at 23:27 -0500, Josh Luthman wrote: > Does anyone have this handy and tested to confirm it is working? I'm > looking for rules that would be used on the customer CPE when > bridged/wds.
In this example, ether1 is the physical port connecting to customer. Modify as needed. /interface bridge filter add action=drop chain=forward disabled=no \ dst-port=68 in-interface=ether1 \ ip-protocol=udp mac-protocol=ip src-port=67 This would drop a DHCPOFFER packet originating on the ether1 (customer) side of the bridge. You wouldn't have to have more than this to prevent a customer's DHCP server from exiting their CPE onto the larger network. -- ******************************************************************** * Butch Evans * Professional Network Consultation * * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * * NOTE THE NEW PHONE NUMBER: 702-537-0979 * ******************************************************************** _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS