texmeshtexas
Member Candidate
Topic Author

Bridge Filtering

Mon Aug 01, 2022 11:47 pm

I use a CCR2116 unit with v7.4 as a bridge-filtering-only device for added security at the office.
I pass traffic through two ports on the same bridge with firewall rules applied to the bridge.
No Fast-Forward, HW offload or FastTrack is being used. Only Use-IP-Firewall on the bridge.

I load some IPs to filter with rules like the IP drop rule below, for sites such as known phishing sites.
However, I want to whitelist some domains that may be sharing the same IP, so I put an accept rule higher in the list of raw rules with the specific domain to accept.

/ip firewall raw
add action=accept chain=prerouting comment=Whitelist_domain content=dontblockme.com dst-port=80,443 in-interface-list=BR_ALL protocol=tcp
.
.
.
add action=drop chain=prerouting comment="Phishing" dst-address-list=PhishList in-interface-list=BR_ALL

However, MT always matches the IP rule before the one above it that uses content=dontblockme.com, despite the fact that the accept rule is much higher in the list.
Looking at the packet-flow diagram at https://wiki.mikrotik.com/wiki/Manual:Packet_Flow
this case would fall under the Bridging diagram. But it's not clear if this is how things are supposed to work.

Any comments?
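To make the per-packet, first-match evaluation of a raw chain concrete, here is an added Python simulation of the two rules above. It is not code from the post or from MikroTik; it assumes, as the RouterOS content matcher does, that the string is compared against the packet payload, and that the raw prerouting chain (which has no connection tracking) judges each packet on its own. The IP address, the address list and the packet payloads are constructed sample data. What it shows is that a bare TCP SYN carries no payload, so the accept rule cannot match it and the list-based drop rule further down does; the host name only appears later, in the HTTP Host header or the TLS ClientHello SNI, by which time the handshake has already been dropped.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: a made-up "phishing" IP that also hosts dontblockme.com.
PHISH_LIST = frozenset({"203.0.113.10"})


@dataclass
class Packet:
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"
    payload: bytes = b""  # empty for a bare SYN or a data-less ACK


@dataclass
class Rule:
    """A reduced model of a RouterOS raw rule: every given matcher must hold."""
    action: str
    comment: str
    content: Optional[bytes] = None            # content=...  (payload substring)
    dst_ports: Optional[frozenset] = None      # dst-port=80,443
    protocol: Optional[str] = None             # protocol=tcp
    dst_address_list: Optional[frozenset] = None  # dst-address-list=PhishList

    def matches(self, pkt: Packet) -> bool:
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.dst_ports is not None and pkt.dst_port not in self.dst_ports:
            return False
        if self.dst_address_list is not None and pkt.dst_ip not in self.dst_address_list:
            return False
        # content= is a substring search over this packet's payload only
        if self.content is not None and self.content not in pkt.payload:
            return False
        return True


# Same order as in the post: accept-by-content first, drop-by-list second.
RAW_PREROUTING = [
    Rule("accept", "Whitelist_domain", content=b"dontblockme.com",
         dst_ports=frozenset({80, 443}), protocol="tcp"),
    Rule("drop", "Phishing", dst_address_list=PHISH_LIST),
]


def evaluate(chain, pkt):
    """First matching rule wins; an empty chain falls through to accept."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "accept", "(end of chain)"


def trace_connection(chain, packets):
    """Walk a packet sequence in order; the flow ends at the first drop."""
    verdicts = []
    for name, pkt in packets:
        action, why = evaluate(chain, pkt)
        verdicts.append((name, action, why))
        if action == "drop":
            break
    return verdicts


# Constructed packets from an office client towards the shared IP.
SYN = Packet("203.0.113.10", 443)
# Abbreviated TLS ClientHello: record header, padding, then the SNI host name.
CLIENT_HELLO = Packet("203.0.113.10", 443,
                      payload=b"\x16\x03\x01" + b"\x00" * 40 + b"dontblockme.com")
HTTP_GET = Packet("203.0.113.10", 80,
                  payload=b"GET / HTTP/1.1\r\nHost: dontblockme.com\r\n\r\n")


def verdict_for_flow():
    """The TLS flow as the raw chain sees it: SYN first, ClientHello after."""
    return trace_connection(RAW_PREROUTING, [("SYN", SYN), ("ClientHello", CLIENT_HELLO)])


def verdict_per_packet():
    """Each packet judged in isolation, ignoring whether the flow got that far."""
    return {name: evaluate(RAW_PREROUTING, p)
            for name, p in [("SYN", SYN), ("ClientHello", CLIENT_HELLO), ("HTTP GET", HTTP_GET)]}


if __name__ == "__main__":
    for entry in verdict_for_flow():
        print("flow:", entry)
    for name, verdict in verdict_per_packet().items():
        print("isolated:", name, verdict)
```

The simulation reproduces the symptom without any rule being evaluated out of order: the ClientHello and the HTTP GET would match the whitelist rule, but the SYN that precedes them carries nothing for `content=` to find, so it is dropped by the later rule and the packets carrying the name are never sent. Rule counters from `/ip firewall raw print stats` on the router show the same thing, with the drop rule's counter climbing by one or a few packets per attempt and the accept rule's staying at zero.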
