Question for firewall

Greetings!
If we create this rule in RouterOS7 (accept forward with the src MAC of one device) and below it we create a drop forward rule, traffic in the network does not go, even from the device with the MAC address specified in accept. If we do all this in RouterOS6, everything works. Why, and how to implement this in RouterOS7?

If you create only these two rules:

/ip firewall filter
add chain=forward src-mac-address=xx:xx:xx:xx:xx:xx action=accept
add chain=forward action=drop

then it won’t do what you want (also in ROS6). You need a third rule before those two:

/ip firewall filter
add chain=forward connection-state=established action=accept

Are you trying to catch L2 traffic in the firewall? This doesn’t pass through it. If the device is connected directly, you need to enable IP firewall for the bridge (or better, consider other options for doing what you want).

Even with this rule it doesn’t work in version 7. But even without this rule it works in version 6.

No, I’m trying to drop all packets after the accept rule.

Do you have any other config beyond these two rules? If you do, then it’s probably something in there. If you don’t, it’s not possible, or you’re expecting something else than I think. What these two rules do is that the first one allows any packet from the given MAC address, and the second blocks everything else, including any response going back to that MAC address. So the device can send anything, but there won’t be any bidirectional communication, in both v6 and v7.
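
The behaviour described in the last reply, as an added example that is not part of any post in this thread: a simplified first-match model of the forward chain, run with the two-rule set and with the connection-state=established rule placed first. The MAC addresses, the packet fields and the helper names `forward` and `exchange` are constructed for illustration; this is not RouterOS code.

```python
# Simplified model of first-match evaluation in the forward chain.
# Matcher names mirror the rules quoted in the thread; all values are constructed.
DEVICE_MAC = "02:00:00:00:00:01"    # constructed: the device named in the accept rule
UPSTREAM_MAC = "02:00:00:00:00:fe"  # constructed: the hop that replies arrive from

TWO_RULES = [
    {"src-mac-address": DEVICE_MAC, "action": "accept"},
    {"action": "drop"},
]
THREE_RULES = [{"connection-state": "established", "action": "accept"}] + TWO_RULES


def forward(rules, packet):
    """Return (action, rule index) for the first rule whose matchers all fit."""
    for i, rule in enumerate(rules):
        matchers = {k: v for k, v in rule.items() if k != "action"}
        if all(packet.get(k) == v for k, v in matchers.items()):
            return rule["action"], i
    return "accept", None  # end of a built-in chain: unmatched packets are accepted


def exchange(rules):
    """Pass one request from the device, then its reply, through the chain."""
    request = {"src-mac-address": DEVICE_MAC, "connection-state": "new"}
    out_action, _ = forward(rules, request)
    if out_action != "accept":
        return {"request": out_action, "reply": None}
    # The reply is forwarded in the opposite direction, so its source MAC is
    # the upstream hop's, never the device's. Connection tracking sees it as
    # established because the request was let through.
    reply = {"src-mac-address": UPSTREAM_MAC, "connection-state": "established"}
    reply_action, _ = forward(rules, reply)
    return {"request": out_action, "reply": reply_action}


if __name__ == "__main__":
    print("two rules:  ", exchange(TWO_RULES))
    print("three rules:", exchange(THREE_RULES))
```
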