I have a client that has 70 branches VLANed into a single MikroTik bridge. They want to block all traffic between the VLANs except for PCs that end in in .12 as these should be able to video conference between them. What MikroTik feature should I use to block all traffic between bridged VLANs yet allow .12 PCs to work?

Thanks,
Ken

You can use bridge firewall

Is there a wild card feature to just allow the last few digits of an IP address to be matched in a bridge firewall rule?

Thanks,
Ken

REDTDI, I would be doing this in multiple rules, allow your .12 address by adding each one to an address list called 'inter-vlan'
then add the ip ranges to another address list called 'local-vlans'

Create 2 rules

Rule 1. chain=forward src-address-list=inter-vlan dst-address-list=inter-vlan action=allow
Rule 2. chain=forward src-address-list=local-vlans dst-address-list=local-vlans action=reject or drop

Something like that would explicitly allow the pc's to comunicate while blocking all other inter-vlan traffic.

Is it possible to have an address list on a bridge firewall rule?

Thanks,
Ken

REDTDI, I would be doing this in multiple rules, allow your .12 address by adding each one to an address list called 'inter-vlan'
then add the ip ranges to another address list called 'local-vlans'

Create 2 rules

Rule 1. chain=forward src-address-list=inter-vlan dst-address-list=inter-vlan action=allow
Rule 2. chain=forward src-address-list=local-vlans dst-address-list=local-vlans action=reject or drop

Something like that would explicitly allow the pc's to comunicate while blocking all other inter-vlan traffic.

use normal IP -> Firewall =)