MACsec usage

Hi

I have the following setup:

Main router RB750Gr3:

/interface macsec
add ckn=(hidden) disabled=no interface=ether4 mtu=1468 name=macsec111 profile=default

Second router RBwAP2nDr2:

/interface macsec
add ckn=(hidden) disabled=no interface=ether1 mtu=1468 name=macsec143 profile=default

MACsec is running fine:

[admin@Ogrodowa 146] /interface/macsec> print
Flags: I - inactive, X - disabled, R - running
0 R name="macsec111" mtu=1468 interface=ether4 status="open-encrypted"

How can I allow only incoming traffic from macsec111 to pass through further and block other traffic from interface=ether4?

Tried the following firewall rules at the main router:

add action=passthrough chain=forward comment="Pass MACsec 111" in-interface=macsec111
add action=drop chain=forward comment="Block 111" in-interface=ether4

but it does not do the trick :(

Can anyone help, please?
BR