Community discussions

 
User avatar
martini
Member Candidate
Member Candidate
Topic Author
Posts: 296
Joined: Tue Dec 21, 2004 12:13 am

Drop Gratuitous arp on bridge firewall

Thu Apr 22, 2010 2:07 pm

Hello all, help me to create firewall rule that drop Gratuitous arp.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5940
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Drop Gratuitous arp on bridge firewall

Fri Apr 23, 2010 4:23 pm

Gratuitous ARP request is an AddressResolutionProtocol request packet where the source and destination IP are both set to the IP of the machine issuing the packet and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff.
So basically you can add bridge filter to drop packets according to src/dst and mac address
 
User avatar
martini
Member Candidate
Member Candidate
Topic Author
Posts: 296
Joined: Tue Dec 21, 2004 12:13 am

Re: Drop Gratuitous arp on bridge firewall

Fri Apr 23, 2010 4:43 pm

yes, i know that, but i need to drop about 1500 ip, if i can use address-list in bridge firewall - it would be very nice, but we can use address-list only in ip firewall.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5940
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Drop Gratuitous arp on bridge firewall

Fri Apr 23, 2010 4:45 pm

in bridge settings you can enable use-ip-firewall and filter out packets using ip filters.
theoretically it should work.
 
User avatar
martini
Member Candidate
Member Candidate
Topic Author
Posts: 296
Joined: Tue Dec 21, 2004 12:13 am

Re: Drop Gratuitous arp on bridge firewall

Fri Apr 23, 2010 5:20 pm

)) i think about that, but in ip firewall MT only have src-mac-address, but i need dst-mac-address (FF:FF:FF:FF:FF:FF)

Who is online

Users browsing this forum: No registered users and 50 guests