Previously (on v6) I had a single bridge interface with a configured interface list named PURE, which contains several in-bridge ports that are marked as pure and have a separate route (bypassing the vpn).
I used it to mark routes by mangle using the following rules:
# RouterOS 7.1beta2
# model = RouterBOARD cAP Gi-5acD2nD
/ip firewall mangle
add action=mark-routing chain=prerouting comment=vpn dst-address=!192.168.89.0/24 new-routing-mark=vpn passthrough=yes src-address=192.168.89.0/24
add action=mark-routing chain=prerouting comment=pure in-bridge-port-list=PURE new-routing-mark=pure passthrough=yes
So newly added routing tables and related routes could not process the packets to bypass the vpn default route, marked by the first (vpn) mangle rule.
I found that setting the in-bridge-port-list or in-bridge-port parameter broke any packet counting and the marking action itself.
I also tried to use /routing/rule to filter in-bridge interfaces by explicit interface names, but without any luck, since the interface belongs to the bridge.
Looks like there is no option at this time to filter bridged interfaces in the firewall mangle prerouting chain and in routing rules.
After researching here (on the forum) and on Google, I considered this bug/feature as unknown.
Now I'm asking the forum community and calling on the nice developers to give some comments and/or recommend how I can reach the same functionality as I had before with the new v7 RouterOS.