Hi All. Appreciate any help here. I am new to MikroTik. I would like to restrict traffic and apply an ACL on two interfaces. One copper port, and one wifi SSID. I would like them to remain on the same up network as the rest of my network. What would be the best way to do this? Let me know if you need more info! Thanks!!
Hello,
"I would like to restrict traffic and apply an acl on two interfaces"
ACL should be something like some interfaces/IP/users can access some other interfaces?
This seems to me like 2 firewall filter rules
Regards,
Damián
So I think I solved this, although probably not the best way. I turned off hardware offloading on the given bridge ether interface and enabled the firewall for the bridge. This allowed me to create forward chain rules for specific destination IPs. It seems to work, but I still wonder if there is a better way. The goal being to restrict traffic from one port to other devices on the same logical network. Is there a way to accomplish this without hardware offload disabled? Is there a better way to set this up using VLANs?
Also, I haven’t tried playing with the wlan1 interface yet to accomplish something similar for the device when it goes wireless.
Appreciate the response and any thoughts!
Sorry, I forgot that it is not possible to use slave interfaces (members of a bridge) in filter rules.
In the Winbox GUI, when creating a new rule, in the Advanced tab, there are two matching options called “in-bridge-port” and “out-bridge-port”. This is an option; you would need to enable “use-ip-firewall” in the bridge settings.
Maybe you could try using interface-lists, not sure.
Or maybe you could use an address-list, but those addresses should be fixed.
In mangle rules it is also not possible to create rules with slave interfaces.
VLANs are for when you want to divide one physical network into multiple logical networks. I don't know too much about your environment, so I don't know how they could be applied.
Regards,
Damián
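The approach the thread converges on (hardware offload off on the restricted port, "use-ip-firewall" on the bridge, forward rules matched with "in-bridge-port"), written out as an added RouterOS example that is not from any of the posters. The port name ether5, the address-list name and all IP addresses are constructed placeholders; wlan1 is the wireless interface mentioned above.

```routeros
# Added example. ether5, the list name and every address below are
# constructed placeholders; substitute your own.

# 1. Frames switched in hardware never reach the CPU, so the restricted
#    copper port has to be bridged in software.
/interface bridge port set [find where interface=ether5] hw=no

# 2. Send bridged IP traffic through the /ip firewall chains.
/interface bridge settings set use-ip-firewall=yes

# 3. Destinations the restricted ports may still reach (allow-list).
/ip firewall address-list
add list=restricted-allowed address=192.168.88.1 comment="gateway (constructed)"
add list=restricted-allowed address=192.168.88.10 comment="printer (constructed)"

# 4. Forward rules. A bridge member cannot be used as in-interface,
#    so match on in-bridge-port. Order matters: each accept must sit
#    above its drop, and both above any broader accept rule.
/ip firewall filter
add chain=forward in-bridge-port=ether5 dst-address-list=restricted-allowed \
    action=accept comment="restricted copper port: allowed peers"
add chain=forward in-bridge-port=ether5 dst-address=192.168.88.0/24 \
    action=drop log=yes log-prefix="acl-ether5" \
    comment="restricted copper port: block rest of LAN"

# 5. Same policy for the wireless interface carrying the restricted SSID.
add chain=forward in-bridge-port=wlan1 dst-address-list=restricted-allowed \
    action=accept comment="restricted SSID: allowed peers"
add chain=forward in-bridge-port=wlan1 dst-address=192.168.88.0/24 \
    action=drop log=yes log-prefix="acl-wlan1" \
    comment="restricted SSID: block rest of LAN"
```

The log prefixes make dropped packets visible in the router log, which is a quick way to confirm the rules are being hit once the device is plugged in or joins the SSID. These rules only cover forwarded traffic; access to the router itself is governed by the input chain.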