hi all,
i made hotspot server as bridge , and i created 11 vlans under ether6, and i put wlan, ether6 , and 11 vlans in bridge ports.
someone give me this filter to prevent clients from seeing ip and mac of other clients in my network ,but really i suffer from connecting with my network and i don't know if this script good , or need some settings to be good , or i have to try another filter .
this is the filter :
/interface bridge filter
add action=drop chain=forward dst-port=10001 ip-protocol=udp mac-protocol=ip
add action=drop chain=input dst-port=10001 ip-protocol=udp mac-protocol=ip
add action=drop chain=output dst-port=10001 ip-protocol=udp mac-protocol=ip
/interface bridge filter
add action=drop chain=forward mac-protocol=arp in-interface=vlan100
add chain=forward mac-protocol=!arp out-interface=vlan100
add action=drop chain=forward mac-protocol=arp in-interface=vlan101
add chain=forward mac-protocol=!arp out-interface=vlan101
add action=drop chain=forward mac-protocol=arp in-interface=vlan102
add chain=forward mac-protocol=!arp out-interface=vlan102
add action=drop chain=forward mac-protocol=arp in-interface=vlan104
add chain=forward mac-protocol=!arp out-interface=vlan104
add action=drop chain=forward mac-protocol=arp in-interface=vlan105
add chain=forward mac-protocol=!arp out-interface=vlan105
add action=drop chain=forward mac-protocol=arp in-interface=vlan106
add chain=forward mac-protocol=!arp out-interface=vlan106
add action=drop chain=forward mac-protocol=arp in-interface=vlan107
add chain=forward mac-protocol=!arp out-interface=vlan107
add action=drop chain=forward mac-protocol=arp in-interface=vlan108
add chain=forward mac-protocol=!arp out-interface=vlan108
add action=drop chain=forward mac-protocol=arp in-interface=vlan109
add chain=forward mac-protocol=!arp out-interface=vlan109
add action=drop chain=forward mac-protocol=arp in-interface=vlan110
add chain=forward mac-protocol=!arp out-interface=vlan110
add action=drop chain=forward mac-protocol=arp in-interface=vlan111
add chain=forward mac-protocol=!arp out-interface=vlan111
Is there anyone can help me plz?... i feel tired from people who steal mac address in my netwrok