Winbox Bug?

GJS · August 28, 2004, 4:46pm

I have two IP subnets on one MT interface. By default all clients on the two subnets can communicate with each other (???)

So, I tried to block them with a firewall rule:

[admin@pad001X] ip firewall rule forward> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   src-address=192.168.60.103/32 dst-address=10.0.51.10/32 action=drop 
     log=yes 
[admin@pad001X] ip firewall rule forward>

This works but I can only specify a host (/32) address using winbox otherwise I get "could not add rule - source address bad (6).

But in console:

[admin@pad001X] ip firewall rule forward> add src-address=192.168.60.0/24 dst-ad
dress=10.0.51.0/24 action=drop log=yes
[admin@pad001X] ip firewall rule forward> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   src-address=192.168.60.103/32 dst-address=10.0.51.10/32 action=drop 
     log=yes 

 1   src-address=192.168.60.0/24 dst-address=10.0.51.0/24 action=drop log=yes 
[admin@pad001X] ip firewall rule forward>

it works no problem. Is this a winbox bug?

lastguru · August 29, 2004, 12:08am

Worked fine for me recently…

The message could mean that you are trying to add a rule with src-address of not equal to the network address of the respective network. I.e., 10.0.0.0/24 is a correct address, but 10.0.0.1/24 is incorrect.