Switching from bridge-mode to switch-mode?

Hello everyone,

I want to move all Ethernet Ports from bridge-mode to switch-mode via WinBox. How do I do it?

Why do I want to do it? Because per-Ethernet-port firewall rules are not applicable as long as everything works in Bridge Mode.

Thanks,
WarStalkeR.

“Switch-mode” (the way I understand it) and “ethernet port firewall rules” don’t go together.

So what exactly is your goal, described in plain English?

I want to apply firewall rules based on the Ethernet Port (ether1..10), but because everything is hooked to the default configuration bridge I can’t do it. How can I resolve it?

If you want to apply firewall rules with regard to LAN in-interface, you can either set use-ip-firewall=yes on bridge (and disable HW offload for ports you want to firewall) or remove port from bridge and set up separate IP subnet on that port. If you decide to go with use-ip-firewall, beware that you’ll have to re-think most of firewall filter rules as they might apply to more traffic than you’d wish … or in a different way. And you may want to think about why you’d want to enforce firewall filter to traffic inside same subnet.

Alternative to using firewall filter might be to use /interface bridge filter … and again you have to make sure HW offload is off for ports you want to filter.
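The three options from the replies above, written out as RouterOS CLI commands. This is an added example, not part of the original thread; the bridge name `bridge`, the ports ether5/ether6 and the 192.168.50.0/24 subnet are assumptions chosen for illustration. Pick one option, not all three.

```routeros
# --- Option A: keep the port bridged, pass bridged frames through the IP firewall ---
# Frames switched in hardware never reach the CPU, so turn off HW offload
# on every port whose traffic must be filtered.
/interface bridge port set [find interface=ether5] hw=no
/interface bridge port set [find interface=ether6] hw=no

# Send bridged traffic through /ip firewall (global bridge setting).
/interface bridge settings set use-ip-firewall=yes

# For bridged traffic in-interface is the bridge itself, so match the
# physical port with in-bridge-port / out-bridge-port.
# Rule order matters: move this above any broad accept rule in the chain.
/ip firewall filter add chain=forward in-bridge-port=ether5 \
    out-bridge-port=ether6 action=drop \
    comment="ether5 hosts may not reach ether6 hosts (same subnet)"

# Existing forward rules now also see same-subnet traffic; review them,
# because a generic drop can start blocking LAN-to-LAN traffic.

# --- Option B: take the port out of the bridge and route it ---
/interface bridge port remove [find interface=ether5]
/ip address add address=192.168.50.1/24 interface=ether5
# ether5 is now an ordinary routed interface, so in-interface matches it.
/ip firewall filter add chain=forward in-interface=ether5 \
    out-interface=bridge action=drop \
    comment="ether5 subnet may not reach the bridged LAN"

# --- Option C: filter at layer 2 with bridge filter ---
# HW offload must be off here too, for the same reason as in option A.
/interface bridge port set [find interface=ether5] hw=no
/interface bridge filter add chain=forward in-interface=ether5 \
    out-interface=ether6 action=drop \
    comment="L2 drop: ether5 to ether6"
```

After applying option A or C, `/interface bridge port print` should no longer show the H (hw-offload) flag on the affected ports.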