The system is working with this unchecked. I have an input rule working that allows in UDP and TCP requests from the LAN on port 53 while blocking WAN requests. Name resolution is working properly. When I turn on Bridge / use IP firewall / use VLAN, that rule stops running.
There are no filter rules on the bridge.
So if I get you right: you used to have a completely working firewall, and the only thing you've done is that you've set both use-ip-firewall and use-ip-firewall-for-vlan to yes in /interface bridge settings, and your DNS handling rule "stopped working", or, more exactly, the clients stopped receiving DNS responses from the Mikrotik itself?

If so, something in chain=prerouting of your /ip firewall raw or /ip firewall mangle rules may block or redirect DNS requests coming from the clients connected to bridge ports to the IP address of your Mikrotik itself - see these pictures for how /interface bridge settings set use-ip-firewall=yes changes the path of the packet through the system. In other words, in this case, the ip firewall rules mentioned above are used in addition to the /interface bridge filter rules, so even if the bridge filter rule table is empty, the ip firewall rules affect the packet flow.
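A RouterOS configuration illustrating the setup discussed in this thread, added here as an example and not taken from either post. The interface-list names LAN and WAN, the bridge name bridge1, the ether1 WAN port and the log prefix are assumptions; adjust them to the actual router.

```routeros
# --- assumed interface lists: bridge1 carries the LAN, ether1 is the WAN uplink ---
/interface list
add name=LAN
add name=WAN
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN

# --- the DNS input rules from the first post: allow LAN clients to query the router, drop WAN ---
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=53 in-interface-list=LAN comment="DNS (UDP) from LAN"
add chain=input action=accept protocol=tcp dst-port=53 in-interface-list=LAN comment="DNS (TCP) from LAN"
add chain=input action=drop protocol=udp dst-port=53 in-interface-list=WAN comment="no DNS from WAN"
add chain=input action=drop protocol=tcp dst-port=53 in-interface-list=WAN comment="no DNS from WAN"

# --- the bridge settings that changed the packet path (second post) ---
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

# --- checks: once use-ip-firewall=yes, bridged DNS traffic also traverses raw and mangle prerouting,
#     so list exactly those chains and look for rules that drop, redirect or mark port-53 traffic ---
/ip firewall raw print where chain=prerouting
/ip firewall mangle print where chain=prerouting

# --- temporary diagnostic: log DNS queries at the very top of raw prerouting (place-before=0),
#     then issue a lookup from a LAN client and watch /log print; remove the rule afterwards ---
/ip firewall raw
add chain=prerouting action=log log-prefix="dns-diag" protocol=udp dst-port=53 place-before=0
/log print where message~"dns-diag"

# --- confirm whether the accept rules are still being hit: packet/byte counters per rule ---
/ip firewall filter print stats where dst-port=53
```

The two print commands at the end are the concrete version of the check suggested in the reply: if the raw or mangle prerouting output contains a rule matching port 53 (or a catch-all with action=drop, notrack or dst-nat) and the filter counters for the accept rules stop increasing after use-ip-firewall is enabled, that earlier rule is what now consumes the queries before they reach chain=input.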