Hello,
I currently have an RB433 running V6.12. I am noticing a lot of input traffic on eth1, which is the main internet connection port, going to protocol/port UDP/53 coming from the same MAC but from various IPs. I would like to block the MAC address. My question is with the firewall rule config. The chain would be input; would the src address need to be 0.0.0.0, or should I not put in a src address, and the src MAC address would be xx:xx:xx:xx:xx:xx, and then of course just drop the traffic? Would this be correct? As I said, the IP addresses are all different but seem to be going to the same UDP 53 port. Thanks for your help.
If you block the MAC, you block your gateway/router connected on ether1…
I'll give you the solution.
Add one rule to the firewall filter on the input chain to drop all new connections on port 53 UDP coming from ether1.
Add one rule to the firewall filter on the input chain to drop all new connections on port 53 TCP coming from ether1.
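The two rules described in the reply above, written as RouterOS v6 console commands. This is an added example, not part of the original posts; the interface name ether1 is taken from the reply, and the rule comments are illustrative.

```routeros
# Added example. Assumes the WAN port is named ether1, as in the reply.
# Filter rules are evaluated top to bottom, so both drops must sit above
# any accept rule in the input chain that would match this traffic.
# Matching on in-interface leaves DNS requests from other interfaces untouched.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 connection-state=new action=drop comment="drop new DNS connections from WAN (udp)"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 connection-state=new action=drop comment="drop new DNS connections from WAN (tcp)"

# Confirm the rules are matching: their packet and byte counters should climb.
/ip firewall filter print stats where chain=input
```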
Thank you, rextended. That did it. Thanks for your reply.