With bridge ports in RouterOS Mikrotik has three options labeled "unknown unicast flood", "unknown multicast flood" and "broadcast flood". I was using Torch recently and saw traffic that did not look like it was that kind of traffic but when I checked those options it was blocked. I am wondering if anyone can let me know what rules I would need to have in a bridge firewall to stop that kind of traffic. Oddly what was happening is some traffic from clients was being broadcast back out and looked like from the Torch tool that is was the same as the other traffic that went through and that traffic. At first I thought my Mikrotik devices might be hacked because my networking setup should not allow that but then I realized that if the packets were being tagged in a way I am not familiar with to me they may have just looked the same.

I am pretty sure I can handle this with the many different facets that could be coming up but am interested in what exactly RouterOS is using for rules on traffic to detect if it's one of those three options because those three options when checked did stop traffic that I would not have thought would have met those rules.

Thanks for any assistance.