I have a RB493. It's running ROS 5.5.
I want to block all access from WinBox clients on 'ether4', unfortunately I don't seem to be able to do so.
If I create the following three rules:
and then plug a PC into ether4, I can still connect Winbox to the MAC address of the router. The interesting thing is that the packet count for dropped packets on the input chain increases and I see absolutely no traffic matching the rule in the output chain.
Code: Select all
/ip firewall filter add action=drop chain=input disabled=no in-interface=ether4 add action=drop chain=output disabled=no out-interface=ether4 add action=drop chain=forward disabled=no
The worrying thing is that the firewall appears to be working (input chain rule count incrementing), but it clearly isn't. What other kinds of traffic can bypass the filter?