Dear Sirs,
A colleague and I have just run into a small problem, and I hope somebody smarter will help us. It is a PC running RoS 3.30 with 6 eth and 6 wlan cards. All of the interfaces are in the bridge, and one IP is on that bridge (only for management). I should note the area is flat (/19 mask), separated by VLANs on the switches. In version 2.9.x it was no problem to make firewall rules to drop communication between interfaces, for example:
chain=forward action=drop in-interface=nstreme1 out-interface=!ether1
And it worked. Ahead of the rules I could put exceptions (such as authorizing the admins' IPs etc.). But in version 3.x it is not possible to apply this rule. I switched on 'Use IP Firewall' in the Bridge, and in the 'Filters' tab I made these rules. It works. But the problem is, I cannot put any accept rules ahead of these to authorize access from the admin address (the IP item is grey, inactive). I tried to mangle all of the admin packets and then do it with the help of the packet mark. That possibility did not work either. Does somebody know what to do? Or how to resolve this problem?
Bridge Filter Settings:

0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:30:48:9C:DD:12 protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

0 ;;; drop broadcast
chain=forward action=drop packet-mark=broadcast
1 X ;;; drop communications over iface
chain=forward out-interface=!__backbone action=drop in-interface=__116
2 X chain=forward out-interface=!__backbone action=drop in-interface=__117
3 X chain=forward out-interface=!__backbone action=drop in-interface=wlan1-295/296 packet-mark=!admin
4 X chain=forward out-interface=!__backbone action=drop in-interface=wlan2-ZS packet-mark=!admin
5 X chain=forward out-interface=!__backbone action=drop in-interface=wlan3 packet-mark=!admin
Thanks so much.
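When auditing a pasted bridge filter table like the one above, the first two things to check are which rules are actually active and whether the packet-marks the drop rules depend on are set anywhere in that table. The following script is an added example, not part of the original post or of RouterOS: it re-joins the wrapped `print` output and reports disabled rules and packet-mark matchers that no earlier rule in the same table sets. The sample table is constructed from the post; the rule format (numeric id, optional X flag, `;;;` comment, key=value pairs) is assumed.

```python
import re

# Constructed sample: a bridge filter table modelled on the one in the post,
# including the line wrapping that pasted `print` output picks up.
SAMPLE = """\
0 ;;; drop broadcast
chain=forward action=drop packet-mark=broadcast
1 X ;;; drop communications over iface
chain=forward out-interface=!__backbone action=drop in-interface=__116
2 X chain=forward out-interface=!__backbone action=drop in-interface=__117
3 X chain=forward out-interface=!__backbone action=drop
in-interface=wlan1-295/296 packet-mark=!admin
"""


def parse_rules(text):
    """Turn pasted RouterOS `print` output into rule dicts.

    A line beginning with a number starts a rule; optional single-letter
    flags follow (X = disabled); `;;;` introduces a comment that runs to
    the end of the line; any other line continues the current rule."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = re.match(r"^(\d+)\s+((?:[XID]\s+)*)(.*)$", line)
        if head:
            rules.append({"id": int(head.group(1)),
                          "disabled": "X" in head.group(2),
                          "comment": "", "props": {}})
            line = head.group(3)
        if not rules:
            raise ValueError("continuation line before first rule: %r" % raw)
        rule = rules[-1]
        if line.startswith(";;;"):
            rule["comment"] = line[3:].strip()
            continue
        for key, val in re.findall(r"(\S+?)=(\S+)", line):
            rule["props"][key] = val
    return rules


def audit(rules):
    """Report disabled rules and active rules that match a packet-mark
    which no earlier rule in this table sets (action=mark-packet)."""
    findings, marks_set = [], set()
    for r in rules:
        p = r["props"]
        if r["disabled"]:
            findings.append("rule %d is disabled (X) and filters nothing" % r["id"])
            continue
        mark = p.get("packet-mark", "").lstrip("!")
        if mark and mark not in marks_set:
            findings.append("rule %d matches packet-mark %r but no earlier rule "
                            "in this table sets it" % (r["id"], mark))
        if p.get("action") == "mark-packet" and "new-packet-mark" in p:
            marks_set.add(p["new-packet-mark"])
    return findings
```

Run against the sample, the audit reports that only rule 0 is active and that its `broadcast` mark is not set by any rule in the table, so the table as pasted isolates nothing.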