This really works. Very eloquently elegant compared to container (no dependency on third-party software). Thank you!I was tooling through the Help as it likes to change unannounced from time to time and I noticed and read about MACVLAN. Of course it's been around a few months as a tab in Winbox but I never looked into it. This interface solves the problem of being able to do this bridge filtering technique BUT ON YOUR MAIN ROUTER. No offsider router like I used in the OP.
Code:
/interface macvlan add interface=vlan10 name=macvlan10/interface macvlan add interface=vlan80 name=macvlan80/interface bridge add name=bridge-mdns protocol-mode=none/interface bridge port add bridge=bridge-mdns interface=macvlan10/interface bridge port add bridge=bridge-mdns interface=macvlan80/interface bridge filter add action=accept chain=forward comment="Allow mDNS only" dst-address=224.0.0.251/32 dst-mac-address=01:00:5E:00:00:FB/FF:FF:FF:FF:FF:FF dst-port=5353 in-bridge=bridge-mdns ip-protocol=udp mac-protocol=ip out-bridge=bridge-mdns src-port=5353/interface bridge filter add action=drop chain=forward in-bridge=bridge-mdns out-bridge=bridge-mdns comment="Drop all other L2 traffic"/interface bridge nat add action=src-nat chain=srcnat dst-mac-address=01:00:5E:00:00:FB/FF:FF:FF:FF:FF:FF to-src-mac-address=[/interface bridge get [find name="bridge"] mac-address] comment="SNAT to Primary VLAN bridge"Statistics: Posted by qqflexx — Sun Mar 03, 2024 11:26 am