bridge filter to drop brodcast

haissam · March 23, 2014, 1:53pm

helloooo
anyone can help me???
i have a problem in my network i need to stop the broadcast
the ip firewall not working on the bridge mode
im using

/interface bridge filter
add action=accept chain=forward disabled=yes mac-protocol=pppoe-discovery
add action=accept chain=forward disabled=yes mac-protocol=pppoe
add action=drop chain=forward disabled=yes

need to add a chain input

accept winbox 10.10.10.1,10.10.10.2,10.10.10.3,10.10.10.254
accept icmp
accept MNDP
input drop ALL

thank you

brauser · March 25, 2014, 1:39am

Hi haissam,

If on your network you only use pppoe, than your bridge rules are all you need (except that they need to be enabled ). But do this kind of filter on every bridge you have unless the pppoe-server.

Another more generic rule would be one to do “port-isolation” with bridge ports. E.g.
/interface bridge filter
add action=drop chain=forward in-interface=!UPLINK out-interface=!UPLINK

Any input rule won’t interfere on broadcast.