Studying up on this feature in hopes it could be used to stop spoofing without slowing the CPU.
The idea is to allow traffic, to or from, that has a src or dst of x.x.x.x/x and dump everything not legit. Lotsa compromised customer Linksys wireless routers spoofing DNS and all sorts of crap.
Would the first two allow the traffic and prevent it from going to the third rule?
Are there any counters for this?
The syntax and details of this are very crude…
http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
Was thinking something like this, where the switch ports used are slaved to sfp1 and x.x.x.x/x is the proper IP range in use:
/int ethernet switch rule
add ports=sfp1 rate=100M src-address=x.x.x.x/x switch=switch1
add ports=sfp1 rate=100M dst-address=x.x.x.x/x switch=switch1
add ports=sfp1 new-dst-ports="" switch=switch1
Any better ideas are appreciated.