I have some questions about mangle traffic on a bridge interface.
This is the topology.
Now I want to use mangle to see the traffic passing on that bridge 1.
Why do I need to enable IP firewall for VLAN in the bridge settings to see traffic statistics (bytes/packets)? I'm not using any VLAN, just bonding and bridge.
When I disable IP firewall for VLAN, the bytes/packets count stops.
Is it a bug, or do we need to enable IP firewall for VLAN when using mangle on bridging? I'm using RouterOS 6.38.5, btw.
Thanks.
Because bridge forwarding is a layer 2 operation (dealing in MAC addresses / VLAN tags).
IP is a layer 3 operation.
If you want the layer 3 components to inspect the layer 2 traffic, then the bridge needs to be configured to kick frames up to the IP firewall for inspection as if they were being routed.
Thanks for the explanation. I know enabling IP firewall is needed.
But what I want to ask is: do we also need to enable IP firewall for VLAN? When I disable it, the mangle count stops.
I'm not using any VLAN in MikroTik:
Can anyone explain the behavior of enabling IP firewall for VLAN on a bridge interface?
When I disable it, ping packets through the MikroTik seem intermittent, but when I enable it, the CPU / memory usage gets high.