Hey,
Today I enabled “Use IP Firewall” under bridge settings and added some rules to block SSH traffic from computers not in an address list and to only allow NFS to one computer. After configuration, however, I’ve noticed that Windows clients can only see themselves under “Network”.
Here are my firewall rules under Filter:
0 ;;; Allow NFS from 192.168.1.12 to 192.168.1.16 (192.168.1.16 as server)
chain=forward action=accept protocol=tcp src-address=192.168.1.12 dst-address=192.168.1.16 in-interface=bridge-local dst-port=2049 log=no log-prefix=""
1 ;;; allow SSH only from SSH clients
chain=forward action=drop protocol=tcp src-address-list=!SSH clients in-interface=bridge-local dst-port=222 log=no log-prefix=""
2 ;;; Drop all other NFS traffic
chain=forward action=drop protocol=tcp in-interface=bridge-local dst-port=2049 log=no log-prefix=""
3 ;;; Drop all other NFS traffic
chain=forward action=drop protocol=udp in-interface=bridge-local dst-port=2049 log=no log-prefix=""
4 ;;; default configuration
chain=input action=accept connection-state=established log=no log-prefix=""
5 ;;; default configuration
chain=input action=accept protocol=icmp log=no log-prefix=""
6 chain=forward action=accept connection-state=new in-interface=bridge-local log=no log-prefix=""
7 ;;; default configuration
chain=input action=accept connection-state=related in-interface=bridge-local log=no log-prefix=""
8 ;;; default configuration
chain=forward action=accept connection-state=established in-interface=bridge-local log=no log-prefix=""
9 ;;; default configuration
chain=forward action=accept connection-state=related in-interface=bridge-local log=no log-prefix=""
10 ;;; default configuration
chain=forward action=drop connection-state=invalid log=no log-prefix=""
11 ;;; prevent remote TCP DNS requests
chain=input action=drop protocol=udp in-interface=1 BT PPPoE port=53 log=no log-prefix=""
12 ;;; prevent remote UDP DNS requests
chain=input action=reject reject-with=tcp-reset protocol=tcp in-interface=1 BT PPPoE port=53 log=no log-prefix=""
Why would network discovery have stopped working?
The SSH and NFS rules work as they should, and things like Synergy, SMB and Remote Desktop using IP addresses work fine. It seems to only be network discovery and hostnames which have stopped working.
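The following is an added example, not code from the post above or from MikroTik: a small Python simulator of the forward chain exactly as it is listed in the post (rules 0, 1, 2, 3, 6, 8, 9 and 10; the input-chain rules are left out because they only concern traffic addressed to the router itself). It walks each sample packet through the rules in order and reports the first match, which is the check a practitioner would do before blaming the filter table for a symptom. It assumes, as the posted rules do, that bridged LAN traffic reaches the IP firewall with in-interface=bridge-local and a connection-state assigned by connection tracking; the membership of the "SSH clients" address list and the sample packets are constructed for the example. It does not model bridge filters, non-IP frames, or how connection tracking classifies broadcast and multicast datagrams, so it tells you which rule a packet hits, not why discovery fails.

```python
"""Rule-order simulator for the RouterOS /ip firewall filter 'forward' chain
listed in the post above. Added example; not MikroTik code and not a model of
the bridge itself, only of the filter chain as written."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed contents of the "SSH clients" address list (not given in the post).
ADDRESS_LISTS = {"SSH clients": {"192.168.1.12", "192.168.1.20"}}


@dataclass
class Packet:
    proto: str                    # "tcp" | "udp" | "icmp"
    src: str
    dst: str
    dport: Optional[int] = None
    state: str = "new"            # "new" | "established" | "related" | "invalid"
    in_iface: str = "bridge-local"


@dataclass
class Rule:
    n: int                        # rule number as shown by 'print'
    action: str
    comment: str = ""
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    src_list: Optional[str] = None
    src_list_negate: bool = False  # src-address-list=!NAME
    dport: Optional[int] = None
    state: Optional[str] = None
    in_iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        """Every matcher that is set on the rule must match the packet."""
        if self.proto and p.proto != self.proto:
            return False
        if self.src and p.src != self.src:
            return False
        if self.dst and p.dst != self.dst:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.state and p.state != self.state:
            return False
        if self.in_iface and p.in_iface != self.in_iface:
            return False
        if self.src_list:
            member = p.src in ADDRESS_LISTS.get(self.src_list, set())
            # negated list matches non-members; plain list matches members
            if member == self.src_list_negate:
                return False
        return True


# The forward chain from the post, in the order RouterOS evaluates it.
FORWARD = [
    Rule(0, "accept", "Allow NFS from 192.168.1.12 to 192.168.1.16",
         proto="tcp", src="192.168.1.12", dst="192.168.1.16",
         in_iface="bridge-local", dport=2049),
    Rule(1, "drop", "allow SSH only from SSH clients",
         proto="tcp", src_list="SSH clients", src_list_negate=True,
         in_iface="bridge-local", dport=222),
    Rule(2, "drop", "Drop all other NFS traffic (tcp)",
         proto="tcp", in_iface="bridge-local", dport=2049),
    Rule(3, "drop", "Drop all other NFS traffic (udp)",
         proto="udp", in_iface="bridge-local", dport=2049),
    Rule(6, "accept", "new from bridge-local", state="new", in_iface="bridge-local"),
    Rule(8, "accept", "default configuration", state="established", in_iface="bridge-local"),
    Rule(9, "accept", "default configuration", state="related", in_iface="bridge-local"),
    Rule(10, "drop", "default configuration", state="invalid"),
]


def evaluate(p: Packet, chain=FORWARD) -> Tuple[Optional[int], str]:
    """Return (rule number, action) of the first matching rule, or
    (None, 'accept') for the implicit accept at the end of a chain."""
    for r in chain:
        if r.matches(p):
            return r.n, r.action
    return None, "accept"


# Constructed sample traffic: Windows discovery, SSH and NFS cases.
SAMPLES = {
    "netbios-bcast": Packet("udp", "192.168.1.12", "192.168.1.255", 137),
    "wsd-mcast":     Packet("udp", "192.168.1.12", "239.255.255.250", 3702),
    "ssh-unlisted":  Packet("tcp", "192.168.1.50", "192.168.1.16", 222),
    "ssh-listed":    Packet("tcp", "192.168.1.12", "192.168.1.16", 222),
    "nfs-tcp-ok":    Packet("tcp", "192.168.1.12", "192.168.1.16", 2049),
    "nfs-tcp-other": Packet("tcp", "192.168.1.13", "192.168.1.16", 2049),
    "nfs-udp-ok":    Packet("udp", "192.168.1.12", "192.168.1.16", 2049),
    "smb-invalid":   Packet("tcp", "192.168.1.12", "192.168.1.16", 445, state="invalid"),
}


def report() -> dict:
    """Map each sample name to the (rule, action) it hits."""
    return {name: evaluate(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, (n, action) in report().items():
        print(f"{name:14s} -> rule {n} {action}")
```

Under this model the NetBIOS broadcast and WS-Discovery multicast queries fall through to rule 6 and are accepted, so the listed filter rules alone do not account for the symptom. The run also surfaces one thing worth checking regardless: rule 0 only accepts tcp, so NFS over udp from the allowed client 192.168.1.12 is caught by rule 3 and dropped.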