Community discussions

MikroTik App
 
bracks917
just joined
Topic Author
Posts: 2
Joined: Thu Nov 24, 2022 2:55 pm

Firewalling with hardware offload enabled

Thu Nov 24, 2022 4:21 pm

Hi, i currently have a CCR2116 and CRS326 setup with a few vlans and firewall rules.
The vlans are setup via a bridge with hardware offloading enabled.

Firewall rules between different vlans work as expected due to hitting the router however i'm having trouble applying firewall rules to hosts on the same vlan on the switch. WIth hardware offloading enabled, any firewall rules or bridge filters are completely ignored. I turned hw offload off for two ports, and the bridge filters then worked.

I'm guessing the traffic never hits the cpu (as expected). Is there any way to apply firewall or filters with hw offload enabled?
Trying to avoid port isolation/forwarding override or applying UFW to every host.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Firewalling with hardware offload enabled

Thu Nov 24, 2022 7:41 pm

Is there any way to apply firewall or filters with hw offload enabled?

No, not within same IP subnet.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Firewalling with hardware offload enabled

Thu Nov 24, 2022 7:44 pm

 
bracks917
just joined
Topic Author
Posts: 2
Joined: Thu Nov 24, 2022 2:55 pm

Re: Firewalling with hardware offload enabled

Thu Nov 24, 2022 9:30 pm

Yes, this works perfectly. Need to do a bit of stress testing, seeing some CPU spikes.
Thank you!!

Who is online

Users browsing this forum: Bing [Bot] and 63 guests