Don't open ports to the router, except VPN (Wireguard?).
Wouldn't this block all the ports?
add action=drop chain=input comment="block everything else" in-interface=ether1
Though that did make me look again, and I'm going to take out these rules
add action=accept chain=input comment="...

Awesome! Okay, just as a sanity check, here's my final (lol) config, with the suggested changes.
/interface bridge
add name=BR1 admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no fast-forward=no priority=0x8000 vlan-filtering=no
/interface bridge port
add bridge=BR1 interface=ether2 frame-types=admit-only-unta...

Per vlan you should have the bridge tagged as well
I'm a bit confused on that part as I'm not quite sure what you mean. More direction would be greatly appreciated.
Your firewall is far from complete. Start from default, then add rules as required.
I am adding the below block before the firewall ru...

I've updated my script a bit. I still feel I'm missing something, especially when it comes to bridge vlan tagging, and firewall.
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=no
/interface bridge port
//add bridge=BR1 interface=ether1 -- WAN port (do I even need this here?)
add br...

I have a RB5009UPr+S+, and 3 Omada APs (controlled by an Omada Controller running in docker that will be running in MAIN_VLAN)
I'm trying to set up the following VLANs:
VLANS
CAM_VLAN - no internet access, no access to other VLANs
IOT_VLAN - full internet, no access to other VLANs
MEDIA_VLAN - full...