Hi,
Will the firewall work for ports which are in switch mode? For example, to block communication between IPs from the same subnet and so on.
Thank You
/ip firewall filter
add chain=input action=drop connection-state=invalid comment="Disallow weird packets"
add chain=input action=accept connection-state=new in-interface=ether-LAN comment="Allow LAN access to the router"
add chain=input action=accept connection-state=established comment=" ^^ originated from LAN"
add chain=input action=accept connection-state=related comment=" ^^ originated from LAN"
add chain=input action=drop comment="Disallow other"
add chain=forward action=drop connection-state=invalid comment="Disallow weird packets"
add chain=forward action=accept connection-state=new in-interface=ether-LAN comment="Allow LAN access moving through router"
add chain=forward action=accept connection-state=established comment=" ^^ originated from LAN"
add chain=forward action=accept connection-state=related comment=" ^^ originated from LAN"
add chain=forward action=drop comment="Disallow other"

The reason is that I want to get bigger throughput but also use firewalling.

Using a bridge will use more CPU than using the master/slave arrangement in the switch chip (which does not use the CPU).
In general, routing / layer 3 activity tends to use more CPU than bridging / layer 2 activity.
Thank You

ZAJDAN,
Firewall rules for switched ports are available from "switch" menu: /interface ethernet switch rule
http://wiki.mikrotik.com/wiki/Manual:Sw ... Rule_Table
Note that these rules have some restrictions depending on switch-chip.
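
As an added illustration of the switch rule table mentioned in the reply above (not part of the original posts): a sketch that drops traffic between hosts of the same subnet in the switch chip itself, without involving the CPU. The switch name switch1, the port names ether2 and ether3, and all addresses are assumptions; which match fields are available depends on the switch chip.

```routeros
# Added example; switch1, ether2, ether3 and the 192.168.88.x addresses are constructed.
/interface ethernet switch rule

# Drop IPv4 frames from one host to another host in the same subnet.
# An empty new-dst-ports list means the frame is forwarded nowhere (dropped).
add switch=switch1 ports=ether2 mac-protocol=ip \
    src-address=192.168.88.10/32 dst-address=192.168.88.20/32 new-dst-ports=""

# Wider variant: drop all IPv4 traffic between subnet members that enters on
# ether2 or ether3. This also matches frames addressed to the router's own
# address in 192.168.88.0/24, so management access from those ports is cut too.
add switch=switch1 ports=ether2,ether3 mac-protocol=ip \
    src-address=192.168.88.0/24 dst-address=192.168.88.0/24 new-dst-ports=""
```

These rules match per frame in hardware and keep no connection state, so they cannot replace the connection-state rules from /ip firewall filter shown earlier in the thread.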