I have a CCR1009 with 2 bridges, I want to block traffic between the bridges without vlan so I try to use bridge filter, but the bridge filter didn't catch any traffic, I had enable use ip filter and disable fastpath in bridge setting.
/interface bridge filter
add action=drop chain=forward in-bridge=bridge1 out-bridge=bridge2
add action=drop chain=forward in-bridge=bridge2 out-bridge=bridge1
I also try block traffic between 2 interface in the same bridge but it didn't work too.
what is the correct way to do that?
Re: Bridge filter didn't work
I have the opposite problem. I have VLANs and want to allow traffic between two hosts.
-
-
vecernik87
Forum Veteran
- Posts: 882
- Joined:
Re: Bridge filter didn't work [SOLVED]
@dummyPlug:
traffic between two non-bridged interfaces (including bridges themselves) is filtered via /ip firewall because it is L3 (IP routing)
You cant do it with bridge-filter because those rules apply for bridge forwarding (same L2 domain)
this might help you understand what is happening: https://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6
traffic between two non-bridged interfaces (including bridges themselves) is filtered via /ip firewall because it is L3 (IP routing)
You cant do it with bridge-filter because those rules apply for bridge forwarding (same L2 domain)
this might help you understand what is happening: https://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6