skynets
just joined
Topic Author
Posts: 10
Joined: Mon Nov 18, 2013 9:03 am

Filtering traffic between wireless clients

Mon Nov 18, 2013 9:41 am

Hello.
Sorry for my poor English.
I have 1 AP RB912. Eth1 and wlan1 are added to a bridge. How do I filter ICMP traffic between wireless clients?

add action=drop chain=forward mac-protocol=ip ip-protocol=icmp src-address=10.30.0.0/26 -- does not work
/interface bridge
add l2mtu=1600 name=br1
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-b/g basic-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps basic-rates-b="" \
    bridge-mode=disabled country=russia default-forwarding=no disabled=no \
    ht-rxchains=0,1 ht-txchains=0,1 hw-protection-mode=rts-cts l2mtu=2290 \
    mode=ap-bridge periodic-calibration=enabled rate-set=configured ssid=\
    WL1 supported-rates-b="" tx-power=27 tx-power-mode=card-rates \
    wireless-protocol=802.11
/interface bridge filter
add action=drop chain=forward mac-protocol=ip ip-protocol=icmp src-address=10.30.0.0/26
/interface bridge port
add bridge=br1 interface=ether1
add bridge=br1 interface=wlan1
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes
/interface wireless access-list
add interface=wlan1
/ip address
add address=10.30.0.2/26 interface=ether1 network=10.30.0.0
/ip dns
set servers=192.168.193.10
/ip route
add distance=1 gateway=10.30.0.1
/system leds
set 0 interface=wlan1
/system routerboard settings
set cpu-frequency=600MHz
 
rickfrey
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas

Re: Filtering traffic between wireless clients

Wed Nov 20, 2013 7:27 am

Instead of trying to limit in the bridge firewall, try to limit in the IP firewall. That setting is already set to yes on the bridge anyway.
 
skynets
just joined
Topic Author
Posts: 10
Joined: Mon Nov 18, 2013 9:03 am

Re: Filtering traffic between wireless clients

Thu Aug 14, 2014 7:02 am

The problem is not closed.
If I disable default forwarding, then no traffic is forwarded between wireless users.
If I enable default forwarding, then it is impossible to control and filter the traffic.
Connecting each user to an individual virtual AP is not good. The AP should be open.
Help me please.
 
DanielJB
Frequent Visitor
Posts: 82
Joined: Mon May 27, 2013 3:05 pm

Re: Filtering traffic between wireless clients

Tue Jan 03, 2017 5:34 am

I was trying to achieve the same.

Packets coming in on a bridge port are prevented from going out on the same port. On Linux (which RouterOS is based upon), bridges support 'hairpin' mode [1] (don't confuse with hairpin NAT), which would allow filtering between devices on the same AP/interface, but RouterOS doesn't support it.

[1] http://man7.org/linux/man-pages/man8/bridge.8.html
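
The behaviour described in the posts above, as a small Python model added here for illustration (not code from any poster, and not RouterOS or Linux source). The class names, the `intra_forward` flag standing in for wireless `default-forwarding=yes`, and the MAC addresses are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    hairpin: bool = False        # Linux per-port flag (bridge(8): "hairpin on")
    intra_forward: bool = False  # assumption: models wireless default-forwarding=yes

@dataclass
class Bridge:
    ports: dict                                    # port name -> Port
    fdb: dict                                      # MAC -> port name (pre-learned)
    drop_protos: set = field(default_factory=set)  # forward-chain drop rules

    def forward(self, in_port, dst_mac, proto):
        """Return (verdict, reason) for a unicast frame received on in_port."""
        port, out = self.ports[in_port], self.fdb[dst_mac]
        if out == in_port and port.intra_forward:
            # The AP relays client-to-client frames itself; the bridge never sees them.
            return ("delivered", "relayed by AP, filter bypassed")
        if out == in_port and not port.hairpin:
            # A bridge does not send a frame back out of its ingress port.
            return ("dropped", "same-port egress refused")
        if proto in self.drop_protos:
            return ("dropped", "forward-chain filter")
        return ("delivered", "bridged")

# Constructed sample MACs: two wireless clients and one wired host.
CLIENT_A, CLIENT_B, WIRED = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"

def run(hairpin, intra_forward, proto="icmp", dst=CLIENT_B):
    ports = {"wlan1": Port("wlan1", hairpin, intra_forward), "ether1": Port("ether1")}
    fdb = {CLIENT_A: "wlan1", CLIENT_B: "wlan1", WIRED: "ether1"}
    return Bridge(ports, fdb, {"icmp"}).forward("wlan1", dst, proto)

def scenarios():
    return {
        "default-forwarding=yes": run(hairpin=False, intra_forward=True),
        "default-forwarding=no": run(hairpin=False, intra_forward=False),
        "hairpin, icmp": run(hairpin=True, intra_forward=False),
        "hairpin, tcp": run(hairpin=True, intra_forward=False, proto="tcp"),
        "wlan1 to ether1, icmp": run(hairpin=False, intra_forward=False, dst=WIRED),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} {result}")
```

Only the hairpin cases reach the forward-chain rule for client-to-client frames, which is why the bridge filter in the first post matches traffic towards ether1 but never traffic between two stations on wlan1.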
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Filtering traffic between wireless clients

Tue Jan 03, 2017 11:48 am

I would suggest making a feature request to the support mail address.
 
keirstitt
just joined
Posts: 6
Joined: Tue Nov 14, 2023 1:13 pm

Re: Filtering traffic between wireless clients

Wed Nov 15, 2023 11:43 am

Did you find a solution here?

I posted a new post yesterday quoting yours. It's an old one, so I didn't think it appropriate to continue your thread, but here's my post: viewtopic.php?p=1035988#p1035988

We can do L2 NAT, so I think it might be possible to pull some kind of trick. It's important because IoT devices often use insecure UPnP discovery methods and we need to be able to satisfy their functional needs whilst preventing them from doing anything else.
