Hello MikroTik community,
I have a CRS328-24P-4s+RM switch with routeros 6.46.8 and I am trying to create a bridge filter by interfaces.
Setup:
ether1 (untegged on vlan 100) - PVID 100 - bridge (enable vlan filtering)
I need to filter all posibe ip address on this interface except 10.100.4.254.
This rule doesnt work:
/interface bridge filter chain=forward action=drop in-interface=ether1 mac-protocol=ip src-address=!10.100.4.254/32 log=no log-prefix=“”
But if I disable vlan filtering on bridge - it works. But I need to use VLAN in my configuration.
In SwOS I also can’t filter all ip except 10.100.4.254. I can filter only specific ip…
Also I try “Use IP Firewall” and “Use IP Firewall for VLAN” in bridge settings, but this rule doesnt work:
/ip firewall filter chain=forward action=drop src-address=!10.100.4.254 in-bridge-port=ether1 out-bridge-port=ether24 log=no log-prefix=“”
Enable or disable HW Offload in properties of ether1 does not affect in both cases.
I would be glad, if you can help me.
P. S. Sorry for my english.