Port isolating RB951G-2HnD

mailalert · August 12, 2019, 5:33pm

Hello,
I have RB951G-2HnD and I’d like to isolate port, but have no luck and dont know why. Here is my configuration (what I’ve changed in default conf):

/interface bridge settings
set use-ip-firewall=yes
/ip firewall address-list
add address=192.168.88.10-192.168.88.255 list=block
/ip firewall filter
add action=reject chain=forward dst-address-list=block reject-with=
icmp-network-unreachable src-address-list=block

but I still can ping computers, so what’s wrong?!

ps: I’ve used this tutorial> https://www.youtube.com/watch?v=UsgJFhkHB9g

Link100 · August 12, 2019, 6:38pm

Bridge->Ports
and then select the port/etherX where the filter should be applied and disable Hardware Offload.

Works?

mailalert · August 12, 2019, 7:07pm

yeah! looks like working, thx!

but it is possible to configure one port (e.g. 2) for access all over network?

Link100 · August 12, 2019, 8:09pm

Then you simply leave Hardware Offload enabled for Port 2.

mailalert · August 13, 2019, 6:08am

I’ve did, but it didnt work .. but I will try again, thx!