Hello,

I have ROS 3.3 with this bridge configuration:

Bridge:
R name="Bridge" mtu=1500 arp=proxy-arp mac-address=00:16:17:16:DF:80
protocol-mode=rstp priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m

Settings:
use-ip-firewall: yes
use-ip-firewall-for-vlan: yes

Ports:
0 Lan1 Bridge 0x80 10 none
1 Lan2 Bridge 0x80 10 none

----------------

I need use firewall filter rules (drop) to filter traffic from port Lan1 to Lan2. Example:

19 ;;; FW_LAN1_LAN2
chain=forward action=jump jump-target=FW_LAN1.LAN2 in-bridge-port=Lan1 out-bridge-port=Lan2

This rule doesn't work! Please help me other way to filter this communication.

Thanks.

Make sure you have created "FW_LAN1.LAN2" chain otherwise this rule will be invalid.

I have created "FW_LAN1.LAN2" !

When I use in-bridge-port or out-bridge-port in filter rule, this rule sometimes work, sometimes not without change.
After reboot ROS, rules work fine, but after time doen't work again!

This rule still not work:
chain=forward action=accept connection-state=new in-interface=W1 out-bridge-port=DMZ

Interface W1 is eternet to ISP, and DMZ id any port from Bridge !!!!

PLEASE HELP ME )

I find out where is the problem !


When you use "connection-state=new" bridge port filtering doesn't work correctly !

Please correct this bug.

Thanks.

In version 3 also there is a check box to use the IP Firewall in the bridge. I think thats bridge and then settings.

Sorry, I wrote (I know this settings):

"I have ROS 3.3 with this bridge configuration:

Settings:
use-ip-firewall: yes
use-ip-firewall-for-vlan: yes
"

I have problem with bridge filtering. I try this on three ROS and filtering doesn't work correctly.

I have 4 and more ethernet interfaces in bridge. When I have 2 interfaces, filtering is OK.
I try simple filters rules with log traffic and more traffic doesn't catch on filter. It's bug!

We actually just had a 564, do some weird stuff but we don't have any firewall rules or the Firewall turned on.

The issue is that one some websites, it hangs. Right in the middle of the page it stops and just says waiting for site. Reboot the unit, it works fine for a while, (have not been able to put a time on it) and then after a while, it starts to hang on cirtian sites.

Once we get the 2.9 running and let it run for while, we will see if the problem resurfaces.

All 9 Ethernets are bridged between two bridges. Soo.. If it don't resurface after tomorrow, we may put 3.3 back on it, and wait till it happens again and generate a supout. Make sure if you have this issue to send that supout.rif to support@mikrotik.com