I've been testing the firewall feature on the CRS328, and I struggle to understand the following ruleset:
/ip firewall filter
add action=drop chain=input comment="Block mgmt on eth1" in-interface=ether1
add action=accept chain=input connection-state=established,related,untracked
add action=accept chain=input protocol=icmp
If I enable logging, I can see that the telnet packets are listed by the rule. So the filter is capturing the packets, but still forwards them to the CPU?
The ether1 interface is not part of any bridge configuration.
Note: I know there are many alternatives to block mac-telnet, but I'm trying to understand why the above rules don't work, and possible consequences for other protocols.