I have a "problem" with my config:

VLANs:
30 - IOT
100 - WIFI for guests
20 - for all "known" devices like PC, NAS etc.
Each VLAN has its own bridge:

add address=172.16.30.0/24 list=vlan_30
add address=172.16.20.0/24 list=vlan_20
add address=172.16.100.0/24 list=vlan_100
I don't know what I am doing wrong, but I cannot:

/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface bridge vlan
add bridge=vlan_iot comment="VLAN IOT" tagged=vlan_iot untagged=wlan5,wlan3 vlan-ids=30
add bridge=vlan_data comment="VLAN DATA" tagged=vlan_data untagged=wlan1,wlan2,ether1,ether2,ether3,ether4 vlan-ids=20
add bridge=vlan_guests comment="VLAN GUESTS" tagged=vlan_guests untagged=wlan4,wlan6 vlan-ids=100

1. disable inter-VLAN routing - no packets are captured
2. restrict access ONLY in list VLAN_LIMITED_ACCESS to the internet

add action=mark-connection chain=forward in-interface-list=VLAN_LIMITED_ACCESS log=yes log-prefix=prohibited new-connection-mark=prohibited out-interface-list=VLAN_FULL_ACCESS passthrough=yes
...
add comment="VLAN ioT" interface=vlan30 list=VLAN_LIMITED_ACCESS
add comment="VLAN DATA" interface=vlan20 list=VLAN_FULL_ACCESS
add comment="VLAN GUESTS" interface=vlan100 list=VLAN_LIMITED_ACCESS

Counters on those rules won't increase :/

add action=drop chain=forward in-interface-list=VLAN_LIMITED_ACCESS out-interface-list=!WAN
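An added example, not from the original post, of the interface-list based isolation the post is trying to build, written in RouterOS CLI syntax. It assumes vlan20, vlan30 and vlan100 are the routed interfaces that actually carry the 172.16.x.0/24 addresses, that an interface list named WAN already exists, and that no earlier forward rule accepts the traffic; the forward chain is evaluated top-down, so the established/related accept comes first and the drop comes before any broad accept.

```routeros
# Added example (not the original poster's config). Assumptions: vlan20/vlan30/vlan100
# hold the VLAN IP addresses and the interface list WAN exists.
/interface list
add name=VLAN_FULL_ACCESS
add name=VLAN_LIMITED_ACCESS
/interface list member
add interface=vlan20 list=VLAN_FULL_ACCESS comment="VLAN DATA"
add interface=vlan30 list=VLAN_LIMITED_ACCESS comment="VLAN IOT"
add interface=vlan100 list=VLAN_LIMITED_ACCESS comment="VLAN GUESTS"
/ip firewall filter
# replies for flows that were already allowed pass first
add chain=forward action=accept connection-state=established,related comment="allow established/related"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
# IOT and guest VLANs may only leave through WAN: not to each other, not to the data VLAN
add chain=forward action=drop in-interface-list=VLAN_LIMITED_ACCESS out-interface-list=!WAN log=yes log-prefix=prohibited comment="limited VLANs: internet only"
# check that the rule is actually matching: the counter must grow when an IOT host tries to reach the NAS
/ip firewall filter print stats where comment~"limited"
```

If the counter in `print stats` stays at zero while an IOT host can still reach the NAS, check with `/ip address print` which interface carries each 172.16.x.0/24 address: the forward chain matches the routed interface, so if the addresses sit on the bridges rather than on the vlan interfaces, the interface lists must contain those bridges instead.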