As in my attached drawing, I have a bridge interface including ether2 and a wireless interface; on the other side, an L2TP (over ether1) tunnel is the WAN. Host 192.168.88.223 transfers a file between itself and server 202.0.X.X. I see the actual download is around ~40Mbps, and upload is similar, around ~35Mbps. Okay. I can see this connection in the “/ip firewall connection” list, which shows the correct orig-rate and orig-rate. But when I try to catch these packets in /ip firewall mangle or /ip firewall filter, the firewall doesn't see the upload packets at all. This is really strange. AFAIK, those packets should be seen by the IP firewall in any case, since the traffic comes from the bridge and leaves the router via L2TP with Layer 3 routing. But it's not.
Later, when I enable “use-ip-firewall=yes” in the bridge, it starts to work; my firewall rules start to count these upload packets correctly. The ROS version was 6.38 and now it's the latest one, 6.40.1; the same happens.
Did something really change in the latest ROS versions regarding this kind of packet flow? Why does the bridge configuration affect Layer 3?