Community discussions

MikroTik App
 
Guscht
Member Candidate
Member Candidate
Topic Author
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Block MNDP via a Firewall-Rule

Fri Aug 05, 2022 5:12 pm

Hi,

I want to block MNDP via a Firewall-Rule
The follwing does NOT work (for testing purposes action = passthrough):

/interface bridge filter
add action=passthrough chain=output dst-port=5678 ip-protocol=udp mac-protocol=ip

nor
/ip firewall filter
add action=passthrough chain=output dst-port=5678 protocol=udp

nor
/ip firewall raw
add action=passthrough chain=output dst-port=5678 protocol=udp

ROS7.4, any thoughts?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block MNDP via a Firewall-Rule

Fri Aug 05, 2022 5:27 pm

explicit betteer you needs.

block all or only on one or more interface?
 
Guscht
Member Candidate
Member Candidate
Topic Author
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: Block MNDP via a Firewall-Rule

Fri Aug 05, 2022 5:44 pm

My need is to block outgoing MNDP traffic via a Firewall-Rule.

To be more specific, I want do drop all MNDP traffic except if a pre-defined IP-Network is the source IP of the frame. Only if an IP out of this net is the source IP of the MNDP-frame, it should pass. The MNDP-frame must be dropped if the source-IP != pre-defindes Network.

Should be a simple task, but the MNDP-stuff does not show up...

The yellow things have to match, IP-network, UDP 5678, otherwiese drop:

Screenshot 2022-08-05 164721.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Block MNDP via a Firewall-Rule

Fri Aug 05, 2022 6:04 pm

Like DHCP server, you can not intercept this internal cpu service on firewall.
But you can disable MNDP at all, or only for specific interface using, for example, one interface list where list only the allowed interfaces.

Who is online

Users browsing this forum: Husky and 74 guests