firewall rule to bypass all others by MAC

Hi,

We use some APs connected to our MT that allows only specific simple internet usage (specific ports etc.) to all users.

Is there a way to add a rule on top of the firewall to bypass all others for a specific MAC address (so that nothing is filtered for that)?

(We also mangle connections and packets for QoS, and for that MAC we added a new mark to bypass QoS and the bandwidth limit, so that seems OK.)

/ip firewall filter
add action=accept chain=forward src-mac-address=xx:xx:xx:xx:xx:xx

...that simple! Thank you!! :)

This is a simple but important security rule which can bind a special port to a specific MAC address.
This is not as wide as Cisco port security, but it is useful.
I recommend you bind all of your ether ports to predefined MAC addresses, so it will reduce Layer 2 attack risks.
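
An added example, not code from any poster in this thread: a fuller form of the accept rule from the answer above. `src-mac-address` only matches frames sent by the host itself, so replies coming back from the internet are still evaluated by the restrictive rules unless they are accepted separately. Assumptions: the MAC address, the interface name `bridge-lan` and the mark name `unfiltered-host` are placeholders, and the QoS-bypass mark mentioned in the question is taken to be a connection mark.

```routeros
# Added example. AA:BB:CC:DD:EE:FF, bridge-lan and unfiltered-host are
# placeholders; substitute your own values.

# Mark every new connection opened by the exempt host. Skip this rule if
# the existing QoS-bypass mangle rule already sets a connection mark for
# this MAC, and use that mark's name in the filter rule below instead.
/ip firewall mangle
add chain=prerouting action=mark-connection connection-state=new \
    src-mac-address=AA:BB:CC:DD:EE:FF in-interface=bridge-lan \
    new-connection-mark=unfiltered-host passthrough=yes \
    comment="mark connections from the unfiltered host"

# Accept both directions of those connections ahead of every other
# forward rule. Matching on the connection mark covers the replies,
# whose source MAC is the upstream gateway, not the exempt host.
/ip firewall filter
add chain=forward action=accept connection-mark=unfiltered-host \
    comment="bypass filtering for the unfiltered host" place-before=0

# in-interface limits the exemption to the segment where the host really
# lives. A MAC address is not authenticated: any device on that segment
# that sets the same address gets the same unfiltered access, so keep
# the exemption to one interface and review the counters.

# Check that the rule is first in the chain and is being hit:
/ip firewall filter print stats
```

If the accept rule shows zero packets while the host is active, it is not at the top of the forward chain or the mark name does not match the one set in mangle.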