DHCP firewall block need HELP

antkamidiv · August 10, 2012, 12:16pm

Hi everyone!!!

I don’t understand a mikrotik’s firewall behaviour.

I have two rules in the input chain:

/ip firewall filter add chain=input protocol=tcp dst-port=8291 action=accept
/ip firewall filter add chain=input action=drop

There are no any other rules in firewall.

My PC gets ip address from mikrotik’s dhcp server. Why? The second rule blocks everything including udp port 67.
May be I misunderstand something. Could you explain me this behaviour of the firewall?

Thx in advance…

Feklar · August 10, 2012, 2:29pm

That is because DHCP is handled before it ever hits the firewall, so the firewall cannot block it from happening. It can only prevent DHCP from flowing over it. If you only want certain devices to get DHCP leases, change the DHCP pool to “static-only”, and manually setup the leases.

antkamidiv · August 10, 2012, 2:56pm

Thank you buddy!!!

What about official documents which describe this feature?