Running 5.x on RB751U-2HnD

All 5 ports are bridged into bridge 1.

Port 4 is uplink to internet.

Port 1 is down feed to end customer at 10.16.31.130

Wanted to block temporarily all traffic from 10.16.31.130 to internet.

I added rule to FORWARD chain firewall rule to block src 10.16.31.130 -jump DROP, did not work

So I added inport = ether1, did not work.

Just wanna drop all traffic from that IP, what am I doing wrong?

Homer W. Smith, CEO
Lightlink Internet

If all 5 ports are bridged, then it's just like a layer 2 switch. IP > Firewall doesn't apply at Layer 2. You can add rules in Bridge > Filters. But these filters only apply if the packet is going from one port in the bridge to another. If the port is a slave to another port, the the filters won't apply between those two ports. You'd have to set master-port:none and add the port to the bridge.