Page 1 of 1

DHCP firewall block need HELP

Posted: Fri Aug 10, 2012 3:16 pm
by antkamidiv
Hi everyone!!!

I don't understand a mikrotik's firewall behaviour.

I have two rules in the input chain:
1. /ip firewall filter add chain=input protocol=tcp dst-port=8291 action=accept
2. /ip firewall filter add chain=input action=drop

There are no any other rules in firewall.

My PC gets ip address from mikrotik's dhcp server. Why? The second rule blocks everything including udp port 67.
May be I misunderstand something. Could you explain me this behaviour of the firewall?

Thx in advance...

Re: DHCP firewall block need HELP

Posted: Fri Aug 10, 2012 5:29 pm
by Feklar
That is because DHCP is handled before it ever hits the firewall, so the firewall cannot block it from happening. It can only prevent DHCP from flowing over it. If you only want certain devices to get DHCP leases, change the DHCP pool to "static-only", and manually setup the leases.

Re: DHCP firewall block need HELP

Posted: Fri Aug 10, 2012 5:56 pm
by antkamidiv
Thank you buddy!!! :D

What about official documents which describe this feature?