Firewall drop rules

Hi!

RB751, v5.26

When I make the rule:
chain=forward action=drop src-address=192.168.100.0/24
or
chain=forward action=drop out-interface=bridge1
they block any connections.


But if I use both the rules together
chain=forward action=drop src-address=192.168.100.0/24 out-interface=bridge1
all connections are allowed again.

Why?

Because in the second rule, the packet going through, must meet both criteria in order to match it and be dropped. Obviously they don’t match, meaning packets coming from 192.168.100.0/24 do not go out of bridge 1

Thank You!

I’ve found the similar answer over here:
http://www.mikrotik.com/documentation/manual_2.4/IP/Firewall.html