Block everything except PPPoE

ctyler2621 · September 30, 2008, 7:13pm

I have a bridge firewall set up and working perfectly. I’m about to use it to bridge two separate networks together (A and B), (A) uses PPPoE and (B) does not. So what I need to do is to block everything between the two networks with the exception of PPPoE traffic, in other words I’ll be setting up new PPPoE clients on network B and I want them to go to through to network A and not have the other network B traffic coming across that link. Is there a way to do this, and if so what would the firewall rule look like?

Net A <–X—> Mikrotik bridge <–X–> Net B (Regular traffic)

Net A <-----> Mikrotik bridge <-----> Net B (PPPoE traffic)

This is for a wired connection, using the built in Ethernet ports, on a RouterBoard 333 with latest firmware.

netrat · September 30, 2008, 7:51pm

This should work.

/interface bridge filter
add action=accept in-interface=ether1 out-interface=ether2 chain=forward comment="" disabled=no mac-protocol=0x8863
add action=drop in-interface=ether1 out-interface=ether2 chain=forward comment="" disabled=no mac-protocol=!0x8864
add action=accept in-interface=ether2 out-interface=ether1 chain=forward comment="" disabled=no mac-protocol=0x8863
add action=drop in-interface=ether2 out-interface=ether1 chain=forward comment="" disabled=no mac-protocol=!0x8864

ctyler2621 · September 30, 2008, 7:53pm

Thank you, I’ll give that a try and see what happens.