I have a hEX PoE and I'm trying to use it inline to filter port 443 to some devices. My understanding is that when ports are in a bridge, you can still use firewall filtering, but I am still seeing traffic passing to port 443 on a device beyond the hEX. Below is my config. Can anyone point me in the proper direction? I've tried several chains and none are doing it.
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether1
/interface bridge settings
set use-ip-firewall=yes
/ip firewall filter
add action=reject chain=input dst-port=443 protocol=tcp
add action=reject chain=prerouting dst-port=443 protocol=tcp
add action=reject chain=forward dst-port=443 protocol=tcp