Droping broadcast internal traffic

El-Emin · February 16, 2008, 8:26am

Hi, which of these conf are better for droping internal broadcast traffic except pppoe session.

1.
/ interface bridge filter
chain=forward mac-protocol=arp action=accept comment="" disabled=no
chain=forward mac-protocol=ip action=accept comment="" disabled=no
chain=forward mac-protocol=0x8863 action=accept comment="" disabled=no
chain=forward mac-protocol=0x8864 action=accept comment="" disabled=no
chain=forward action=drop comment="" disabled=no

2.
chain=forward out-interface=out-interface action=accept in-interface=in-interface mac-protocol=0x8864 disable=no
chain=forward out-interface=out-interface action=accept in-interface=in-interface mac-protocol=0x8863 disable=no
chain=input action=drop in-interface=in-interface

3.
   chain=forward action=accept mac-protocol=arp 
   chain=forward action=accept mac-protocol=ip 
   chain=forward out-interface=out-interface action=accept in-interface=in-interface mac-protocol=0x8863 
   chain=forward out-interface=out-interface action=accept in-interface=in-interface mac-protocol=0x8864 
   chain=input action=drop in-interface=in-interface

or u have something better ?

Best Regards,

El-Emin · February 16, 2008, 7:53pm

does anyone now ?

kthameen · February 16, 2008, 8:09pm

its simply as follows

0 chain=forward mac-protocol=0x8863 action=accept

1 chain=forward mac-protocol=0x8864 action=accept

2 chain=forward action=drop

El-Emin · February 16, 2008, 8:28pm

When use chain forward action=drop all pppoe conections goes down, for chain input its working.