I would like to find the answer to a phenomenon: I have an ac2 router with a switch connected to it, and 400 Mbps of traffic is coming back from this switch to the MikroTik router. How can I block this traffic completely, so that nothing comes back from the switch?
The switch is connected to the eth 3 port of the MikroTik router, and the basic bridge is assigned.
No matter how I try, I can't block the incoming RX traffic on the eth 3 port; I tried filter rules, bridge filter.
Does anyone have any ideas? I would really appreciate it.
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
2 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
4 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
5 chain=input action=accept protocol=tcp src-address=xx.xx.xx.xx dst-port=8291 log=no log-prefix=""
6 chain=input action=accept protocol=tcp src-address=xx.xx.xx.xx dst-port=8291 log=no log-prefix=""
7 chain=input action=accept protocol=tcp src-address=xx.xx.xx.xx dst-port=8291 log=no log-prefix=""
8 chain=input action=accept protocol=tcp src-address=xx.xx.xx.xx dst-port=8291 log=no log-prefix=""
9 chain=input action=accept protocol=tcp src-address=xx.xx.xx.xx dst-port=8291 log=no log-prefix=""
10 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
11 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
12 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
13 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related log=no log-prefix=""
14 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
15 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
16 chain=forward action=drop src-address=10.10.10.10 in-interface-list=LAN log=no log-prefix=""
17 chain=forward action=drop src-address=10.10.80.60 in-interface-list=LAN log=no log-prefix=""
18 chain=forward action=drop src-address=16.16.16.16 in-interface-list=LAN log=no log-prefix=""
19 chain=forward action=drop src-address=192.168.2.0/24 in-interface-list=LAN log=no log-prefix=""
20 chain=forward action=drop src-address=192.168.3.0/24 in-interface-list=LAN log=no log-prefix=""
21 chain=forward action=drop src-address=192.168.20.0/24 in-interface-list=LAN log=no log-prefix=""
22 chain=forward action=drop src-address=192.168.88.0/24 in-interface-list=LAN log=no log-prefix=""
23 chain=forward action=drop src-address=192.168.100.0/24 in-interface-list=LAN log=no log-prefix=""
24 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
25 chain=output action=drop dst-address=xx.xx.xx.xx out-interface=ether1 log=no log-prefix=""