Code:
/interface bridge filter
add action=drop chain=forward in-interface=ether6 log=yes log-prefix=filter \
    src-mac-address=10:27:F5:66:03:36/FF:FF:FF:FF:FF:FF
Using a bridge port as in-interface isn't correct AFAIK. If using use-ip-firewall=yes, then it should be possible to use in-bridge-interface instead. But I don't know what one should do when using use-ip-firewall-for-vlan; there are quite a few forum threads where people are having problems with this, so it seems a bit hard to figure out.
When looking at the packet flow in the old wiki page (the new one lacks the VLAN example), I'm lost when it comes to the interpretation of what is considered as in-bridge-port in your particular use case ... obviously it still is a bridge port, as the flow of the frame/packet shows (after step 8 it takes the path via the bridging decision rectangle), but is it the original ingress port (where it entered the device as a tagged frame)? You may try to omit this matching criterion in your rule to see if it makes any difference.
Statistics: Posted by mkx — Tue Feb 06, 2024 9:15 am