How to filter internal traffic.

joydeep9932 · March 29, 2019, 8:57am

Hi,
Is it possible to filter internal traffic?
Example -

My network ID - 192.168.3.0
HOST A - 192.168.3.10
HOST B - 192.168.3.20

HOST B is listening to pot 22. Now, I want to block HOST A (192.168.3.10) to access HOST B (192.168.3.20) with port 22.
Thanks..

mkx · March 29, 2019, 9:23am

It is possible … by using IP firewall on bridge. But then you need possibility to force all traffic between hosts A and B through router’s CPU … and that includes connecting hosts A and B to different router’s ether ports and disabling HW offload for at least one of those ports (preferably the one which carries less traffic from other LAN hosts connected to same port via some switch).

sebastia · March 29, 2019, 10:42am

Some options:

firewall on host B
bridge firewall, but that will get tedious fast, also not all switch chips support it, which would require full cpu processing → slow
split network in different domains and block traffic between these networks

nostromog · March 30, 2019, 7:19am

I’m not sure if you mean the feature of WiFi networks disabling one client communicating with another one directly… (default-forward in /interface wireless, forwarding in /interface wireless access-list).

Sent from my Redmi Note 5 using Tapatalk