I have a MikroTik hAP ac3 (Home AP dual mode) which has the default bridge interface.
DHCP server and NAT are disabled.
My computer is wirelessly connected to this router and the router is wirelessly bridged with a hAP lite which operates as bridge (CPE mode) and it has a laptop connected on it via ethernet cable.
Topology is like this: COMPUTER<----WIFI----->MikroTik router hAP ac3<---WIRELESS BRIDGE---->hAP lite<-----ETHERNET----->laptop.
I want to block all traffic coming from the laptop.
I added a Filter rule in the Bridge menu (I checked "use IP firewall"):
chain=input
In. bridge=bridge
Out. bridge=bridge
MAC protocol=800 ip
Src. Address=192.168.88.3/32 (laptop's NIC address)
Action=drop
The problem is that if -from my laptop- I ping my computer (192.168.88.2), the packets travel through the Mikrotik Router and reach it normally (which I don't want), but if I ping my router (192.168.88.1) the packets are successfully blocked (which I want).
What should I change in order to block all traffic from laptop no matter where it's destined?