Hello!
What is the maximum number of rules that can be used in the Firewall? I want to check the MAC address.
Thanks!
The more rules you add, the more rules need to be checked for each packet. So it depends on the number of packets and the available CPU resources. No one can give you a hard number as it depends on your specific environment.
If you need to check layer 2 information you should do so on a layer 2 device, such as a switch, rather than a layer 3 device, such as a router.
If you’re using RouterOS to bridge a lot of traffic you’re using the wrong tool. You should ideally only bridge wireless radios into the wire. If you’re doing that and need to check MAC addresses you should read the wireless section of the manual and use access lists rather than firewall rules.
Thank you for your reply!
The MAC addresses that are checked do not belong to wireless clients. There may be from 1000 to 2000 rules.
The router is an RB1200.
What is the best way to check the MAC address: static ARP, Firewall or Bridge filter?
Static ARP with the ARP mode of the interface set to “reply only” is your only option. You can’t do 2000 rules that must all be checked for each packet or frame. The router would slow to a crawl.
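Added example, not part of the original thread: with 1000 to 2000 hosts the static ARP table is easier to generate than to type, so this sketch validates an IP/MAC inventory and emits the RouterOS commands for the static ARP plus "reply-only" setup described above. The interface name `ether2`, the CSV layout and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

# Constructed sample inventory (ip,mac); a real list would hold 1000-2000 rows.
SAMPLE = """\
192.168.88.10,00:11:22:33:44:55
192.168.88.11,00-11-22-33-44-66
192.168.88.12,00:11:22:33:44:5
192.168.88.10,00:11:22:33:44:77
"""

def build_arp_script(inventory, interface="ether2"):
    """Return (routeros_lines, rejected) for CSV text of ip,mac pairs."""
    lines, rejected = [], []
    seen_ip, seen_mac = set(), set()
    for n, row in enumerate(inventory.splitlines(), 1):
        if not row.strip():
            continue
        try:
            ip_s, mac_s = [f.strip() for f in row.split(",")]
            ip = ipaddress.IPv4Address(ip_s)
        except ValueError:  # wrong field count or malformed IPv4 address
            rejected.append((n, "bad row or IP"))
            continue
        if not MAC_RE.match(mac_s):
            rejected.append((n, "bad MAC"))
            continue
        mac = mac_s.upper().replace("-", ":")
        # A duplicate would make the binding ambiguous, so refuse it.
        if ip in seen_ip or mac in seen_mac:
            rejected.append((n, "duplicate IP or MAC"))
            continue
        seen_ip.add(ip)
        seen_mac.add(mac)
        lines.append(f"/ip arp add address={ip} mac-address={mac} interface={interface}")
    # Switch the mode last: in reply-only the router learns no dynamic
    # entries, so every host must already have its static entry.
    lines.append(f"/interface ethernet set {interface} arp=reply-only")
    return lines, rejected

if __name__ == "__main__":
    script, bad = build_arp_script(SAMPLE)
    print("\n".join(script))
    for lineno, reason in bad:
        print(f"# skipped inventory line {lineno}: {reason}")
```

Review the skipped rows before pasting the output into the router, since any host without a static entry loses connectivity to the router once the interface is in reply-only mode.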