Bridge Firewall

Posted: Thu Jul 07, 2005 12:17 pm
by losi29a
Hello!
I am interested in how the Bridge Firewall works. I have read the documentation, but there are still some questions remaining.

If there are, for example, 6 interfaces, and I want interfaces 1, 2, 3, 4, 5 not to send ARP requests to interface 6 except to the 10.0.0.1 and 10.0.0.2 addresses.
How should I do it? (Should I write the MAC addresses of 10.0.0.1 and 10.0.0.2 into the firewall rule?)

The problem was that I made rules to:
drop all arp
accept 10.0.0.1 arp
accept 10.0.0.2 arp
and it didn't work... If I used only one "accept" it was OK, and it seems that the order of the rules is important.
Thanks for the help. Gabor from Hungary.

Posted: Thu Jul 07, 2005 10:06 pm
by andrewluck
Gabor

In the bridge properties you need to set it to pass ARP.

Then, in the firewall rules you need the accept commands before the deny. The order is important as rules are parsed top to bottom.

Regards

Andrew

Posted: Fri Jul 08, 2005 11:21 am
by losi29a
Hello!

I have looked for the things you wrote, but it's still not working...
When it "worked" it was because of my PC's ARP table :(
So could you tell me how the bridge firewall works?
To what depth does it explore Ethernet packets? Or ARP packets?
Thanks a lot: Gabor

Posted: Fri Jul 08, 2005 1:23 pm
by Roman
The problem is in your rule order: first you need to accept the traffic you want and then drop everything else.
If you do it the other way (like you already did ;)) there will be nothing to accept -- everything will already have been dropped.

Posted: Fri Jul 08, 2005 1:38 pm
by losi29a
I have changed the order but it still does not work.
So please tell me, what is the depth of inspection by the bridge firewall? At the Ethernet level? Or the ARP level?
ARP is a broadcast message, but my goal is that nobody can send an ARP request to 10.0.0.0, except to two stations, .1 and .2. Is it possible?

Posted: Fri Jul 08, 2005 2:57 pm
by Roman
/interface bridge firewall add mac-protocol=arp src-address=10.0.0.1/32 action=accept
/interface bridge firewall add mac-protocol=arp src-address=10.0.0.2/32 action=accept
/interface bridge firewall add mac-protocol=arp src-address=10.0.0.0/24 action=drop
should work
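To make the ordering point concrete, here is an added example (not RouterOS code and not from anyone in this thread) that simulates first-match, top-to-bottom evaluation of the two rule orders discussed above: Gabor's original drop-first order and Roman's accept-first order. Rule tuples, the `evaluate` function and the sample sender addresses are all constructed for illustration.

```python
import ipaddress

# Constructed rule sets mirroring the thread. Each rule is
# (mac-protocol, src-address prefix or None for "any", action).
# A bridge firewall chain is walked top to bottom and the first matching
# rule decides, so the same three rules behave very differently by order.
GABOR_ORDER = [                      # drop first: nothing reaches the accepts
    ("arp", None,          "drop"),
    ("arp", "10.0.0.1/32", "accept"),
    ("arp", "10.0.0.2/32", "accept"),
]
ROMAN_ORDER = [                      # accept the exceptions, then drop the rest
    ("arp", "10.0.0.1/32", "accept"),
    ("arp", "10.0.0.2/32", "accept"),
    ("arp", "10.0.0.0/24", "drop"),
]


def evaluate(rules, mac_protocol, src_ip, default="accept"):
    """Return the action of the first rule matching this frame.

    src_ip is the ARP sender protocol address carried in the frame. Note that
    this field is set by the sender and is not authenticated, so a rule keyed
    on it is a policy filter, not a proof of who really sent the frame.
    """
    ip = ipaddress.ip_address(src_ip)
    for proto, prefix, action in rules:
        if proto != mac_protocol:
            continue                      # rule is for another protocol
        if prefix is not None and ip not in ipaddress.ip_network(prefix):
            continue                      # source outside the rule's prefix
        return action                     # first match wins
    return default                        # no rule matched: chain default


def verdicts(rules, senders=("10.0.0.1", "10.0.0.2", "10.0.0.7")):
    """Map each sample ARP sender to the action the rule set gives it."""
    return {ip: evaluate(rules, "arp", ip) for ip in senders}


if __name__ == "__main__":
    print("drop-first order :", verdicts(GABOR_ORDER))
    print("accept-first order:", verdicts(ROMAN_ORDER))
```

With the drop-first order every ARP sender, including .1 and .2, is dropped by the first rule; with the accept-first order only .1 and .2 get through and the rest of 10.0.0.0/24 is dropped.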

Posted: Fri Jul 08, 2005 5:15 pm
by sten
would that be in v2.9 only?

Posted: Mon Jul 11, 2005 11:26 am
by Roman
it's in 2.8 also