But now I want to use some /bridge/filter features on some packets (specifically, ARP packets - to deny ARP spoofing).
Is it possible to do that, without disabling L2 HW offloading?
I've tried to do this:
/in eth sw rule add switch=switch1 ports=ether1 mac-protocol=arp redirect-to-cpu=yes
Is it possible? Maybe I'm doing something wrong?
Or do I even need /bridge/filter functionality to filter the 'source address' field of the ARP protocol?