Community discussions

MikroTik App
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Bridge filter rules not working

Tue Feb 06, 2024 7:30 am

I'm having a problem with bridge rules on my L009 that is used as a switch. In my testing I wanted to block access for a device with some MAC address.

I created rule, added option to log and when I connect device to ether6 for which I created rule to block that device, that device connects to network... But what is strange I see that I have about 40 dropped packets and I can see in logs that rule is doing something but device still connects.
Like something is bypassing rules. I tried to disable HW offload but then there is no connection with or without rules.

Here is my config:
# 2024-02-06 06:17:16 by RouterOS 7.13.3
# software id = 
#
# model = L009UiGS
# serial number = 
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=VLAN_100_MGMT vlan-id=100
/port
set 0 name=serial0
/interface bridge filter
add action=drop chain=forward in-interface=ether6 log=yes log-prefix=filter \
    src-mac-address=10:27:F5:66:03:36/FF:FF:FF:FF:FF:FF
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether6 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether7 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether8 pvid=200
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp1
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp1 vlan-ids=100
add bridge=bridge1 tagged=sfp1 vlan-ids=150
add bridge=bridge1 tagged=sfp1 vlan-ids=200
/ip address
add address=172.16.0.1/24 comment=OFF_BRIDGE_MGMT interface=ether1 network=\
    172.16.0.0
/ip dhcp-client
add interface=VLAN_100_MGMT
/system clock
set time-zone-name=Europe/Zagreb
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13602
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge filter rules not working

Tue Feb 06, 2024 9:15 am

/interface bridge filter
add action=drop chain=forward in-interface=ether6 log=yes log-prefix=filter \
    src-mac-address=10:27:F5:66:03:36/FF:FF:FF:FF:FF:FF

Using bridge port as in-interface isn't correct AFAIK. If using use-ip-firewall=yes, then it should be possible to use in-bridge-interface instead. But I don't know what one should do when using use-ip-firewall-for-vlan, there are quite a few forum threads where people are having problems with this, so it seems a bit hard to figure it out.

When looking at packet flow in the old wiki page (the new one lacks the VLAN example), I'm lost when it comes to interpretation about what is considered as in-bridge-port in your particular use case .... obviously it still is a bridge port as flow of frame/packet shows (after step 8 it takes path via bridging decision rectangle), but is it the original ingress port (where it entered device as tagged frame)? You may try to omit this matching criterion in your rule to see if it makes any difference.
 
holvoetn
Forum Guru
Forum Guru
Posts: 7271
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Bridge filter rules not working

Tue Feb 06, 2024 9:29 am

Off-topic: funny you're trying to block TP-Link using Mikrotik :lol:
(can't help it, when I see a MAC address I usually try to see what it is about)

On a serious note:
I was also thinking about removing any filter criteria except for the MAC address.
Then see in the log rule if it provides more detail on the used port/interface so you can refine the rule working from there.

On the other hand: why specify the interface when blocking that MAC address ? Don't you want it to be blocked always ? Or only for that specific MAC/port combination ?
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Tue Feb 06, 2024 9:44 am

Well this setup is just for learning, what I tried to achieve is one port one allowed MAC address, but I tried everything, bridge in interface, only interface in, heck I even tried drop all, just forward, action drop without any other condition and nothing, i can see that packet count is rising but that's it.

Now I have hap ac lite acting as a switch, without VLANs just to see if there is any difference and no, same thing is happening. Tried searching on forum, tried to use input instead of forward as I saw in another topic that logic between ip firewall and bridge filter is not the same.

This is what L009 outputs to the logs:
 08:40:45 interface,info ether6 link up (speed 1G, full duplex)
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 01:00:5e:00:00:16, eth-proto 0800, 2, 192.
168.200.88->224.0.0.22, len 40
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (t
ype 143, code 0), fe80::48be:9798:e2ac:b1a6->ff02::16, len 36
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (t
ype 143, code 0), fe80::48be:9798:e2ac:b1a6->ff02::16, len 36
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 01:00:5e:00:00:16, eth-proto 0800, 2, 192.
168.200.88->224.0.0.22, len 40
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (t
ype 143, code 0), fe80::48be:9798:e2ac:b1a6->ff02::16, len 36
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (t
ype 143, code 0), fe80::48be:9798:e2ac:b1a6->ff02::16, len 36
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 01:00:5e:00:00:16, eth-proto 0800, 2, 192.
168.200.88->224.0.0.22, len 48
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 19
2.168.200.88:5353->224.0.0.251:5353, len 67
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [f
e80::48be:9798:e2ac:b1a6]:5353->[ff02::fb]:5353, len 47
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:01:00:03, eth-proto 86dd, UDP, [f
e80::48be:9798:e2ac:b1a6]:62139->[ff02::1:3]:5355, len 41
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 01:00:5e:00:00:fc, eth-proto 0800, UDP, 19
2.168.200.88:62139->224.0.0.252:5355, len 61
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [f
e80::48be:9798:e2ac:b1a6]:5353->[ff02::fb]:5353, len 85
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 19
2.168.200.88:5353->224.0.0.251:5353, len 105
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 19
2.168.200.88:137->192.168.200.255:137, len 96
 08:40:48 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 19
2.168.200.88:137->192.168.200.255:137, len 96
 08:40:49 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 0.
0.0.0:68->255.255.255.255:67, len 350
 08:40:49 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:40:49 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (t
ype 143, code 0), fe80::48be:9798:e2ac:b1a6->ff02::16, len 56
 08:40:49 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 01:00:5e:00:00:16, eth-proto 0800, 2, 192.
168.200.88->224.0.0.22, len 48
 08:40:49 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:01:00:02, eth-proto 86dd, UDP, [f
e80::48be:9798:e2ac:b1a6]:546->[ff02::1:2]:547, len 103
 08:40:49 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 19
2.168.200.88:137->192.168.200.255:137, len 96
 08:40:49 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 19
2.168.200.88:137->192.168.200.255:137, len 96
 08:40:49 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 19
2.168.200.88:137->192.168.200.255:137, len 96
 08:40:49 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:02, eth-proto 86dd, ICMP (t
ype 133, code 0), fe80::48be:9798:e2ac:b1a6->ff02::2, len 16
 08:40:50 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:40:50 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:40:50 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 19
2.168.200.88:137->192.168.200.255:137, len 96
 08:40:50 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 19
2.168.200.88:137->192.168.200.255:137, len 96
 08:40:50 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 19
2.168.200.88:137->192.168.200.255:137, len 96
 08:40:50 firewall,info filter forward: in:ether6 out:ether3, connection-state:inv
alid src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806

This is without interface specified:

 08:54:02 interface,info ether6 link down
 08:54:07 interface,info ether6 link up (speed 1G, full duplex)
 08:54:10 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (typ
e 143, code 0), fe80::48be:9798:e2ac:b1a6->ff02::16, len 56
 08:54:10 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:54:10 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac 01:00:5e:00:00:16, eth-proto 0800, 2, 192.16
8.200.88->224.0.0.22, len 48
 08:54:10 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 0.0.
0.0:68->255.255.255.255:67, len 350
 08:54:10 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.200.88:137->192.168.200.255:137, len 96
 08:54:10 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.200.88:137->192.168.200.255:137, len 96
 08:54:10 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.200.88:137->192.168.200.255:137, len 96
 08:54:10 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac 33:33:00:00:00:02, eth-proto 86dd, ICMP (typ
e 133, code 0), fe80::48be:9798:e2ac:b1a6->ff02::2, len 16
 08:54:11 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:54:11 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:54:11 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.200.88:137->192.168.200.255:137, len 96
 08:54:11 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.200.88:137->192.168.200.255:137, len 96
 08:54:11 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.200.88:137->192.168.200.255:137, len 96
 08:54:11 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:54:12 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.200.88:137->192.168.200.255:137, len 96
 08:54:12 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.200.88:137->192.168.200.255:137, len 96
 08:54:12 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.200.88:137->192.168.200.255:137, len 96
 08:54:12 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 08:54:12 firewall,info filter forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 10:27:f5:66:03:36, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.
168.200.88:52913->239.255.255.250:1900, len 203
This is shown in bridge filters:

bridge filter.jpg
I mean it drops 33 packets... But PC connects just fine, internet is at full speed...
You do not have the required permissions to view the files attached to this post.
Last edited by gigabyte091 on Tue Feb 06, 2024 9:55 am, edited 1 time in total.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Tue Feb 06, 2024 9:48 am

/interface bridge filter
add action=drop chain=forward in-interface=ether6 log=yes log-prefix=filter \
    src-mac-address=10:27:F5:66:03:36/FF:FF:FF:FF:FF:FF

Using bridge port as in-interface isn't correct AFAIK.
I removed ether6 as a condition, so now is just MAC address as a condition. Same thing. I tried to delete the lease in DHCP server but connects everytime...
 
User avatar
vingjfg
Member
Member
Posts: 435
Joined: Fri Oct 20, 2023 1:45 pm

Re: Bridge filter rules not working

Tue Feb 06, 2024 9:54 am

Hmm... a summary read of your logs shows only broadcasts and multicasts.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Tue Feb 06, 2024 9:58 am

So when I connect device to switch i only see dropped packets that time, after that whatever I do on PC nothing is logged. I tried transferring data to and from NAS, speedtest etc.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Tue Feb 06, 2024 12:20 pm

viewtopic.php?t=181922

Is it possible that bridge filtering in ros 7 is broken ??
 
holvoetn
Forum Guru
Forum Guru
Posts: 7271
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Bridge filter rules not working

Tue Feb 06, 2024 12:21 pm

Could be.
In that case there is only 1 place to turn to: support@mikrotik.com
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13602
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge filter rules not working

Tue Feb 06, 2024 12:30 pm

I tried to disable HW offload but then there is no connection with or without rules.

The thing is: as long as HW offload is active, you won't be able to block unicast traffic between pair of offloaded ports using firewall ... for that traffic has to pass via CPU. The reason you're seeing multicasts and broadcasts (and dropped as per rule) is that these are ... flooded to all ports, including switch_chip-CPU interconnect.

But what you wrote about things getting completely broken if you disable HW offload ... that's concerning at least. So I'm with @holvoetn: open bug ticket with support.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Tue Feb 06, 2024 4:17 pm

It's probably not a bug but misconfiguration on my side.

Tested with two hAP ac2, ROS 7.12, one acting as a router other as switch and when I disable HW offload on all ports that are bridge members my rule works like it should.

Error on my side could be is that i disabled HW offload on ether6 and not on the other ports...

Will test tomorrow in office with L009.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13602
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge filter rules not working

Tue Feb 06, 2024 9:43 pm

Error on my side could be is that i disabled HW offload on ether6 and not on the other ports...

So far I lived with belief that it's enough to disable HW offload on one of ports involved in communication and the whole (bi-directional) traffic should pass CPU.
It does serm that sometimes a power cycle is needed for ASIC setup to actually get applied. But it might be a bug in L009 bridge offload code (in which case support@mikrotik.com might be intetested in details).
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Wed Feb 07, 2024 7:41 am

Rebooted the router, now it's fine, disabled HW offload on all ports and now my rule is working. What i find out is that if i for eg. create rules like this:
 0   chain=forward action=accept 
     src-mac-address=10:27:F5:66:03:36/FF:FF:FF:FF:FF:FF log=no log-prefix="" 

 1   chain=forward action=drop log=no log-prefix="" 
I can see packet on accept rule but also on drop rule, so this isn't like firewall rules ? That order of rules matter ?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13602
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge filter rules not working

Wed Feb 07, 2024 9:02 am

According to docs, bridge filter rules should behave like firewall filter rules (i.e. rule order matters, first matching executes and processing of further rules does not happen).
Action to take if packet is matched by the rule:

accept - accept the packet. No action, i.e., the packet is passed through without undertaking any action, and no more rules are processed in the relevant list/chain
So if you're seeing both rules to get executed on very same frame might indicate a bug. But you have to be sure that subsequent log entries actually refer to same packet.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Wed Feb 07, 2024 11:11 am

So i created rules and i set it to log, drop rule is marked drop, accept ofc is accept:
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:18 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:18 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:18 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:19 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:19 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:19 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:19 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:19 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:19 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:19 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:19 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 166
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 162
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.
168.100.53:5353->224.0.0.251:5353, len 56
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:01:00:03, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:59320->[ff02::1:3]:5355, len 30
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fc, eth-proto 0800, UDP, 192.
168.100.53:59320->224.0.0.252:5355, len 50
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.
168.100.53:5353->224.0.0.251:5353, len 56
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:01:00:03, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:62490->[ff02::1:3]:5355, len 30
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.
168.100.53:5353->224.0.0.251:5353, len 56
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fc, eth-proto 0800, UDP, 192.
168.100.53:62490->224.0.0.252:5355, len 50
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.
168.100.53:5353->224.0.0.251:5353, len 56
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.100.53:137->192.168.100.255:137, len 78
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fc, eth-proto 0800, UDP, 192.
168.100.53:62490->224.0.0.252:5355, len 50
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fc, eth-proto 0800, UDP, 192.
168.100.53:59320->224.0.0.252:5355, len 50
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.100.53:137->192.168.100.255:137, len 78
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:01:00:03, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:62490->[ff02::1:3]:5355, len 30
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:01:00:03, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:59320->[ff02::1:3]:5355, len 30
 10:08:20 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:20 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.
168.100.53:5353->224.0.0.251:5353, len 56
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.
168.100.53:5353->224.0.0.251:5353, len 56
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.
168.100.53:5353->224.0.0.251:5353, len 56
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.
168.100.53:5353->224.0.0.251:5353, len 56
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.16
8.100.113:37265->224.0.0.251:5353, len 62
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:55983->255.255.255.255:4984, len 52
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:7711->255.255.255.255:7701, len 290
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:7711->255.255.255.255:7701, len 362
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:55927->255.255.255.255:69, len 50
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.100.53:137->192.168.100.255:137, len 78
 10:08:21 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.100.53:137->192.168.100.255:137, len 78
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:57926->255.255.255.255:62976, len 50
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:43282->255.255.255.255:43282, len 36
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:43282->255.255.255.255:43282, len 36
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:43282->255.255.255.255:43282, len 36
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:43282->255.255.255.255:43282, len 36
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:0b:0b, eth-proto 0800, UDP, 192.16
8.100.113:49603->239.255.11.11:5008, len 813
 10:08:21 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 1c:98:ec:24:3a:32, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0800, UDP, 192.16
8.100.107:1900->192.168.100.53:1900, len 280
 10:08:22 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 0.0.
0.0:68->255.255.255.255:67, len 350
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.100:67->255.255.255.255:68, len 328
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:37625->255.255.255.255:5048, len 88
 10:08:22 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.100.53:137->192.168.100.255:137, len 78
 10:08:22 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.100.53:137->192.168.100.255:137, len 78
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 166
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:00:00:fb, eth-proto 0800, UDP, 192.16
8.100.113:37265->224.0.0.251:5353, len 62
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.113:51001->255.255.255.255:51000, len 58
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:49406->239.255.255.250:3702, len 777
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:49406->239.255.255.250:3702, len 773
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:49406->239.255.255.250:3702, len 760
 10:08:22 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:22 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::3e50:9544:d3e0:847d->ff02::1:ff3f:395, len 32
 10:08:23 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.
168.100.53:27036->192.168.100.255:27036, len 223
 10:08:23 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:23 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:23 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 162
 10:08:23 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:23 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:23 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::3e50:9544:d3e0:847d->ff02::1:ff3f:395, len 32
 10:08:23 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 1c:98:ec:24:3a:32, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0800, UDP, 192.16
8.100.107:1900->192.168.100.53:63363, len 280
 10:08:23 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:23 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:23 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:23 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac a6:5d:5b:21:0b:27, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:24 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 166
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 182
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::3e50:9544:d3e0:847d->ff02::1:ff3f:395, len 32
 10:08:24 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac a6:5d:5b:21:0b:27, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:25 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:25 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:25 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:25 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:25 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:25 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:25 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac a6:5d:5b:21:0b:27, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 162
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:26 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac dc:2c:6e:d9:04:c9, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 166
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 182
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:26 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:27 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:27 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:27 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:27 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 166
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 182
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:28 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:29 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:29 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:29 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 162
 10:08:29 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:29 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:29 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:29 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:29 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:29 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 166
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 182
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:30 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (typ
e 143, code 0), fe80::e4eb:cab3:b63f:395->ff02::16, len 36
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (typ
e 143, code 0), fe80::e4eb:cab3:b63f:395->ff02::16, len 36
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (typ
e 143, code 0), fe80::e4eb:cab3:b63f:395->ff02::16, len 36
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (typ
e 143, code 0), fe80::e4eb:cab3:b63f:395->ff02::16, len 36
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 47
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 69
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 47
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 69
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:61653->[ff02::c]:3702, len 1101
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:0b:0b, eth-proto 0800, UDP, 192.16
8.100.113:49603->239.255.11.11:5008, len 813
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 103
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 135
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63348->[ff02::c]:3702, len 632
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:61653->[ff02::c]:3702, len 1101
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac 40:ed:00:a2:4a:b5, eth-proto 86dd, UDP, [fe80:
:20c:29ff:fe37:3729]:3702->[fe80::e4eb:cab3:b63f:395]:63348, len 1456
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac 40:ed:00:a2:4a:b5, eth-proto 86dd, UDP, [fe80:
:20c:29ff:fe37:3729]:24586->[fe80::e4eb:cab3:b63f:395]:12250, len 584
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac b4:a3:82:64:64:cb, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::b6a3:82ff:fe64:64cb->ff02::1:ff3f:395, len 32
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:16, eth-proto 86dd, ICMP (typ
e 143, code 0), fe80::e4eb:cab3:b63f:395->ff02::16, len 36
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac b4:a3:82:64:65:6c, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::b6a3:82ff:fe64:656c->ff02::1:ff3f:395, len 32
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac b4:a3:82:64:64:a2, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::b6a3:82ff:fe64:64a2->ff02::1:ff3f:395, len 32
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 103
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 129
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63348->[ff02::c]:3702, len 632
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:61653->[ff02::c]:3702, len 1101
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 129
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac 40:ed:00:a2:4a:b5, eth-proto 86dd, UDP, [fe80:
:20c:29ff:fe37:3729]:3702->[fe80::e4eb:cab3:b63f:395]:63348, len 1456
 10:08:31 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac 40:ed:00:a2:4a:b5, eth-proto 86dd, UDP, [fe80:
:20c:29ff:fe37:3729]:24586->[fe80::e4eb:cab3:b63f:395]:12250, len 584
 10:08:31 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 129
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 129
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 129
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 129
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 127
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 129
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:1900->[ff02::c]:1900, len 508
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63340->[ff02::c]:1900, len 129
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 146
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 9a:7a:8d:64:5f:7a, dst-mac 01:00:5e:7f:ff:fa, eth-proto 0800, UDP, 192.16
8.100.113:41647->239.255.255.250:1900, len 162
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:61653->[ff02::c]:3702, len 1101
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63348->[ff02::c]:3702, len 632
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 1c:98:ec:24:3a:32, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::1e98:ecff:fe24:3a32->ff02::1:ff3f:395, len 32
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 1c:98:ec:24:3a:32, dst-mac 33:33:00:01:00:02, eth-proto 86dd, UDP, [fe80:
:1e98:ecff:fe24:3a32]:546->[ff02::1:2]:547, len 75
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac 40:ed:00:a2:4a:b5, eth-proto 86dd, UDP, [fe80:
:20c:29ff:fe37:3729]:3702->[fe80::e4eb:cab3:b63f:395]:63348, len 1456
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac 40:ed:00:a2:4a:b5, eth-proto 86dd, UDP, [fe80:
:20c:29ff:fe37:3729]:24586->[fe80::e4eb:cab3:b63f:395]:12250, len 584
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 166
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 182
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac b4:a3:82:64:64:cb, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::b6a3:82ff:fe64:64cb->ff02::1:ff3f:395, len 32
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::3e50:9544:d3e0:847d->ff02::1:ff3f:395, len 32
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac b4:a3:82:64:65:6c, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::b6a3:82ff:fe64:656c->ff02::1:ff3f:395, len 32
 10:08:32 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac b4:a3:82:64:64:a2, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::b6a3:82ff:fe64:64a2->ff02::1:ff3f:395, len 32
 10:08:32 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:1900->[ff02::c]:1900, len 456
 10:08:33 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:0c, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:63348->[ff02::c]:3702, len 632
 10:08:33 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac 40:ed:00:a2:4a:b5, eth-proto 86dd, UDP, [fe80:
:20c:29ff:fe37:3729]:3702->[fe80::e4eb:cab3:b63f:395]:63348, len 1456
 10:08:33 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 00:18:ae:c6:cc:b5, dst-mac 40:ed:00:a2:4a:b5, eth-proto 86dd, UDP, [fe80:
:20c:29ff:fe37:3729]:24586->[fe80::e4eb:cab3:b63f:395]:12250, len 584
 10:08:33 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:33 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:33 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 1c:98:ec:24:3a:32, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::1e98:ecff:fe24:3a32->ff02::1:ff3f:395, len 32
 10:08:33 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::3e50:9544:d3e0:847d->ff02::1:ff3f:395, len 32
 10:08:33 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:33 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:33 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:33 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:01:00:03, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:59804->[ff02::1:3]:5355, len 30
 10:08:33 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 36
 10:08:33 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:01:00:03, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:52450->[ff02::1:3]:5355, len 30
 10:08:33 firewall,info accept forward: in:ether6 out:sfp1, connection-state:inval
id src-mac 40:ed:00:a2:4a:b5, dst-mac 33:33:00:00:00:fb, eth-proto 86dd, UDP, [fe8
0::e4eb:cab3:b63f:395]:5353->[ff02::fb]:5353, len 51
 10:08:33 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac b4:a3:82:64:64:cb, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::b6a3:82ff:fe64:64cb->ff02::1:ff3f:395, len 32
 10:08:33 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac b4:a3:82:64:65:6c, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::b6a3:82ff:fe64:656c->ff02::1:ff3f:395, len 32
 10:08:33 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac b4:a3:82:64:64:a2, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::b6a3:82ff:fe64:64a2->ff02::1:ff3f:395, len 32
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac 1c:98:ec:24:3a:32, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::1e98:ecff:fe24:3a32->ff02::1:ff3f:395, len 32
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac 33:33:ff:3f:03:95, eth-proto 86dd, ICMP (type 
135, code 0), fe80::3e50:9544:d3e0:847d->ff02::1:ff3f:395, len 32
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 166
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 182
 10:08:34 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid
 src-mac e6:4d:6e:4b:a7:03, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0800, UDP, 192.16
8.100.110:61485->255.255.255.255:20561, len 50
 10:08:34 interface,info ether6 link down
And this go on and on until i disconnect cable.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13602
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge filter rules not working

Wed Feb 07, 2024 3:44 pm

I'm pretty sure that accept and drop packets are different ... and thus trigger different rules. E.g.:
10:08:18 firewall,info accept forward: in:ether6 out:sfp1, connection-state:invalid src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806
10:08:18 firewall,info drop forward: in:sfp1 out:ether6, connection-state:invalid src-mac 6e:db:7f:16:a3:e4, dst-mac 40:ed:00:a2:4a:b5, eth-proto 0806
First one has src-mac set to 40:ed:00:a2:4a:b5 (and is passing from ether6 towards sfp1) ... and is allowed to pass through (if you have something like chain=forward action=accept src-mac-address=40:ed:00:a2:4a:b5/FF:FF:FF:FF:FF:FF set. The second one has dst-mac set to same value (and is passing in the opposite direction, from sfp1 towards ether6) and is, failing to match other filter rules, dropped by last (unconditional rule). To allow bi-directional traffic, you have to construct accept rules in pairs:
chain=forward action=accept src-mac-address=40:ed:00:a2:4a:b5/FF:FF:FF:FF:FF:FF
chain=forward action=accept dst-mac-address=40:ed:00:a2:4a:b5/FF:FF:FF:FF:FF:FF

Keep in mind that bridge filter has no notion of connections (which allow e.g. firewall filter rules to be uni-directional and yet, with one single appropriate rule, return traffic is magically passed through). Similarly to ip firewall raw one has to manually configure both forward and return paths.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Wed Feb 07, 2024 5:00 pm

I assumed that it will work as ip firewall... I was looking at mikrotik wiki and there is no mention of that unfortunately. Will do like that tomorrow.

Is it a good idea to put that unconditional rule at the end ? I mean it's more efficient to accept what we want to pass and drop all else. Or is it different with bridge rules ? I failed to find some examples.

In the meantime i bought CRS310 as L009 CPU definitely don't like to have much traffic through it. L009 will be switch for some more lighter applications. And there are some examples for CRS310 on mikrotik wiki
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13602
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge filter rules not working

Wed Feb 07, 2024 5:52 pm

I'd say that with bridge filters is similar to firewall filter: the lower the number of filters the better performance. But it all depends on what needs to be done. Which includes the ultimate drop all rule.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Thu Feb 08, 2024 8:58 am

It's working now like it should but i must say, performance is horrendous... That poor thing can achieve 500 Mbps max with 5 filter rules.

Also I created trunk for my CRS310 and I have to add rules for it to work so now it looks like this:
 0   chain=forward action=accept 
     src-mac-address=70:85:C2:9F:A7:37/FF:FF:FF:FF:FF:FF log=yes 
     log-prefix="accept" 

 1   chain=forward action=accept 
     dst-mac-address=70:85:C2:9F:A7:37/FF:FF:FF:FF:FF:FF log=yes 
     log-prefix="accept" 

 2   chain=forward action=accept in-interface=sfp1 out-interface=ether3 log=no 
     log-prefix="" 

 3   chain=forward action=accept in-interface=ether3 out-interface=sfp1 log=no 
     log-prefix="" 

 4   chain=forward action=drop log=no log-prefix="" 
For CRS310 i create VLANs and all of that in interface/bridge menu but for filtering i have to go to /interface/ethernet/switch/rule ?
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Thu Feb 08, 2024 11:35 am

CRS310 works like a charm, port security from example on mikrotik wiki works like it should but i'm wondering, why there is no lock on first option ?

Also i tried to understand what each step in Router OS wiki does as i don't want to blindly copy/paste cmd lines.

So this command tells the switch that traffic that enters the switch on port ether1 with MAC address of 64:D1:54:81:EF:8E is allowed to pass through the switch.
/interface ethernet switch rule
add ports=ether1 src-mac-address=64:D1:54:81:EF:8E/FF:FF:FF:FF:FF:FF switch=switch1
This command just tell us to drop everything else coming into ether1 port because switch will drop all packets that don't match src-mac-address we enter in command above and no new dst-port is selected.
add new-dst-ports="" ports=ether1 switch=switch1
With this command we disable mac learning so no dynamic host entries will be created in host list. With unknown-unicast-flood=no we prevent switch to flood ether1 port with traffic with unknown destination MAC address as it's not needed because src-mac-address we specified is also dst-mac address for traffic coming to our device.
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes learn=no unknown-unicast-flood=no
This command adds static host entry for port ether1 because we disabled mac learning so without this switch will not be able to learn MAC address of the connected device and connection can't be established. I also added VID=100 in my case as in my case port is untagged for VLAN100.
/interface bridge host
add bridge=bridge1 interface=ether1 mac-address=64:D1:54:81:EF:8E
This is how I understood those commands so if I'm wrong feel free to correct me.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13602
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge filter rules not working

Thu Feb 08, 2024 12:45 pm

I don't have a CRS3xx device, so discussion in this thread is now beyond my knowledge.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Thu Feb 08, 2024 1:33 pm

No worries, you helped a lot here already. I just wanted to confirm that I understood correctly as it's not my goal to blindly copy/paste commands.
 
FIPTech
Long time Member
Long time Member
Posts: 561
Joined: Tue Dec 22, 2009 1:53 am

Re: Bridge filter rules not working

Sun Feb 18, 2024 12:57 am

viewtopic.php?t=181922

Is it possible that bridge filtering in ros 7 is broken ??
I have some problems with bridge filtering. Ros 7.14RC1.

I cannot get the VLAN matcher to work in the NAT chains, except if a previous rule did filter by source mac address and mark the packets.
Possibly the ARP matcher is broken too.

Another point : A Layer2 NAT ARP fixer (or helper) is missing. Layer 2 NAT without an ARP fixer means that you need to use static ARP on both side of the NAT. Something that is rarely possible. Without an ARP fixer, the usefulness of the NAT rules are very low...
 
Mesquite
Member
Member
Posts: 420
Joined: Tue Jan 23, 2024 9:16 pm

Re: Bridge filter rules not working

Sun Feb 18, 2024 5:38 am

I don't have a CRS3xx device, so discussion in this thread is now beyond my knowledge.
Feel for you buddy, looking at at CRS310 I just took out of the box. :-)
Anytime you want to wireguard in and look around let me know.

By the way, the secret is never put yourself in a position to have to get anal about mac addresses on the bridge.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 13602
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge filter rules not working

Sun Feb 18, 2024 6:18 pm

Feel for you buddy, looking at at CRS310 I just took out of the box. :-)
Anytime you want to wireguard in and look around let me know.
I don't think CRS310 is that sexy :wink:
 
emunt6
Member Candidate
Member Candidate
Posts: 114
Joined: Fri Feb 02, 2018 7:00 pm

Re: Bridge filter rules not working

Sun Feb 18, 2024 11:20 pm

I'm having a problem with bridge rules on my L009 that is used as a switch. In my testing I wanted to block access for a device with some MAC address.

I created rule, added option to log and when I connect device to ether6 for which I created rule to block that device, that device connects to network... But what is strange I see that I have about 40 dropped packets and I can see in logs that rule is doing something but device still connects.
Like something is bypassing rules. I tried to disable HW offload but then there is no connection with or without rules.

Here is my config:
# 2024-02-06 06:17:16 by RouterOS 7.13.3
# software id = 
#
# model = L009UiGS
# serial number = 
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=VLAN_100_MGMT vlan-id=100
/port
set 0 name=serial0
/interface bridge filter
add action=drop chain=forward in-interface=ether6 log=yes log-prefix=filter \
    src-mac-address=10:27:F5:66:03:36/FF:FF:FF:FF:FF:FF
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether6 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether7 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether8 pvid=200
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp1
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp1 vlan-ids=100
add bridge=bridge1 tagged=sfp1 vlan-ids=150
add bridge=bridge1 tagged=sfp1 vlan-ids=200
/ip address
add address=172.16.0.1/24 comment=OFF_BRIDGE_MGMT interface=ether1 network=\
    172.16.0.0
/ip dhcp-client
add interface=VLAN_100_MGMT
/system clock
set time-zone-name=Europe/Zagreb
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
Hi!

You need "port-security" feature on switch-chip to work, its is a long time missing feature from Mikrotik.
You won't able to block MAC-Addressess on bridge-port using firewall filter rules.

There is a workaround for the problem:

( assuming the ethernet6 connected to another switch/switches where the device/MAC is located )
- Disbale ARP learning on ethernet6.
- Add static ARP entries all other devices that connected on ethernet6.
This will "block" the device, because it will never get into the ARP table.

OR

Connect a separate switch to ethernet6 which has "port-security" feature implemented correctly ( example: Cisco )
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1585
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Bridge filter rules not working

Mon Feb 19, 2024 5:27 am

Hi, thank you the workaround. I bought CRS310 so problem is solved. It would be nice to have port security like in other switches but there is example in Router OS wiki about that and it's working like it's supposed to.