We have this setup:
Internet
|
Core Router
|
MikroTik (Transparent) Bridge
|
Windows 2008 Server with RDP
On MT Bridge, we have this rule:
/ip firewall filter add chain=forward action=drop protocol=tcp dst-address=196.x.x.x dst-port=!3389
The idea is that all packets from the outside except RDP (port 3389) are dropped.
The rule fails because it's a bridge and now any traffic originating from the RDP server is also dropped.
How can we do this?
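The following is an added example, not part of the original post. It models the posted rule in Python to show that, matching only on destination address and port, it also drops replies to connections the server itself opens, and that accepting tracked connections before the drop (the role `connection-state=established,related` plays in RouterOS) keeps those replies while still blocking unsolicited inbound traffic. The addresses, ports and all function names are constructed for the illustration.

```python
from collections import namedtuple

# Constructed sample addresses (documentation ranges); the post elides the real one.
SERVER = "192.0.2.10"
REMOTE = "198.51.100.7"

Pkt = namedtuple("Pkt", "src sport dst dport")

def stateless_forward(pkt):
    """The posted rule: drop TCP to the server unless dst-port is 3389."""
    if pkt.dst == SERVER and pkt.dport != 3389:
        return "drop"
    return "accept"

class StatefulForward:
    """Same drop rule, preceded by an accept for already-tracked connections."""
    def __init__(self):
        self.conns = set()  # 4-tuples of connections that were allowed through

    def filter(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conns or rev in self.conns:
            return "accept"          # established: either direction passes
        verdict = stateless_forward(pkt)
        if verdict == "accept":
            self.conns.add(fwd)      # track only connections the rule allowed
        return verdict

# Constructed traffic, evaluated in order.
TRAFFIC = [
    ("rdp_in", Pkt(REMOTE, 50000, SERVER, 3389)),         # inbound RDP
    ("smb_in", Pkt(REMOTE, 50001, SERVER, 445)),          # unsolicited inbound
    ("srv_out", Pkt(SERVER, 49152, REMOTE, 443)),         # server opens a connection
    ("srv_out_reply", Pkt(REMOTE, 443, SERVER, 49152)),   # reply to that connection
]

def run(filter_fn):
    """Return the verdict for each sample packet under the given filter."""
    return {name: filter_fn(pkt) for name, pkt in TRAFFIC}

if __name__ == "__main__":
    print("stateless:", run(stateless_forward))
    print("stateful: ", run(StatefulForward().filter))
```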