I set up a bridge firewall and created a bridge filter rule for VLAN 10, and I can only see that there is traffic going, but not much. But I cannot access a printer from one bridge port to another bridge port. I figured out it is blocking the traffic. However, if I enable from "vlan10" as the in interface to "vlan10" as the out interface, I still cannot access the printer from another bridge port. After checking the log of firewall rule 9, which drops all forwarded traffic, I see the router only detects the traffic as coming from "bridge0" instead of the "vlan10" interface. Is it normal that the device cannot distinguish traffic coming from a slave interface "vlan10" of "bridge0"? Should this be considered a bug?
Code:
/ip firewall filter
add action=drop chain=forward
Code:
/interface list
add name=mgmt
add name=untrust
add name=trust
add name=guest
add name=internal
/interface vlan
add interface=bridge0 name=vlan10 vlan-id=10
/interface bridge filter
add action=accept chain=forward in-bridge=bridge0 mac-protocol=vlan out-bridge=bridge0 vlan-id=10
add action=drop chain=forward in-bridge=bridge0 mac-protocol=vlan out-bridge=bridge0 vlan-id=20
/interface bridge port
add bridge=bridge0 edge=no interface=sfp-sfpplus2 priority=0 restricted-role=yes restricted-tcn=yes
add bridge=bridge0 edge=yes interface=ether1 priority=0 pvid=10 restricted-role=yes restricted-tcn=yes
add bridge=bridge0 edge=yes interface=ether2 priority=0 pvid=10 restricted-role=yes restricted-tcn=yes
add bridge=bridge0 edge=yes interface=ether3 priority=0 pvid=10 restricted-role=yes restricted-tcn=yes
add bridge=bridge0 edge=yes interface=ether4 priority=0 pvid=10 restricted-role=yes restricted-tcn=yes
add bridge=bridge0 edge=yes interface=ether5 priority=0 pvid=10 restricted-role=yes restricted-tcn=yes
add bridge=bridge0 edge=yes interface=ether6 priority=0 pvid=10 restricted-role=yes restricted-tcn=yes
add bridge=bridge0 edge=yes interface=ether7 priority=0 pvid=10 restricted-role=yes restricted-tcn=yes
add bridge=bridge0 edge=yes interface=ether8 priority=0 pvid=10 restricted-role=yes restricted-tcn=yes
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/interface list member
add interface=ether15 list=mgmt
add interface=vlan10 list=trust
add interface=bridge0 list=internal
add interface=pppoe0 list=untrust
add interface=vlan20 list=guest
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=input connection-state=established,related,untracked
add action=accept chain=input dst-port=123 in-interface-list=internal protocol=udp
add action=accept chain=forward connection-state=established,related,untracked
add action=accept chain=forward in-interface-list=internal out-interface-list=untrust
add action=accept chain=forward in-interface-list=trust out-interface-list=untrust
add action=accept chain=forward in-interface-list=guest out-interface-list=untrust
add action=accept chain=forward in-interface=bridge0 out-interface=bridge0
add action=drop chain=forward
add action=drop chain=input in-interface-list=!mgmt
Posted by samurai84 — Sat Mar 09, 2024 3:29 pm
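The post turns on which interface name the IP firewall sees for bridged traffic, because every accept rule except the last one keys on interface lists that contain vlan10, not bridge0. The script below is an added example, not code from the post or from MikroTik: it models the posted /ip firewall filter chains and /interface list members as data and walks them with first-match semantics, so you can see which rule a packet lands on depending on whether the router reports it as coming from bridge0 or from vlan10. Assumptions of the model: only the matchers the posted rules use are implemented, fasttrack-connection is treated as non-terminating (the reason the posted chain has a plain accept for established/related right after it), and a packet that reaches the end of a chain without a match is accepted, as in RouterOS. The sample packets are constructed.

```python
"""Added example (not from the original post): a first-match model of the posted
/ip firewall filter chains, to see which rule a packet hits depending on the
in/out interface the router reports for it.  RouterOS itself is the reference."""

from dataclasses import dataclass
from typing import Optional, Tuple

# /interface list member, as posted.
INTERFACE_LISTS = {
    "mgmt": {"ether15"},
    "trust": {"vlan10"},
    "internal": {"bridge0"},
    "untrust": {"pppoe0"},
    "guest": {"vlan20"},
}

# Model assumption: fasttrack-connection marks the connection and lets the
# packet continue down the chain (hence the plain accept that follows it).
NON_TERMINATING = {"fasttrack-connection"}


@dataclass
class Rule:
    action: str
    chain: str
    conn_state: Optional[frozenset] = None   # None = any connection state
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    in_list: Optional[str] = None            # leading '!' negates, as in the export
    out_list: Optional[str] = None
    protocol: Optional[str] = None
    dst_port: Optional[int] = None


@dataclass
class Packet:
    chain: str
    in_iface: str
    out_iface: Optional[str] = None          # None for the input chain
    conn_state: str = "new"
    protocol: Optional[str] = None
    dst_port: Optional[int] = None


def in_interface_list(iface: Optional[str], spec: str) -> bool:
    """True if iface satisfies an interface-list matcher such as 'trust' or '!mgmt'."""
    negate = spec.startswith("!")
    members = INTERFACE_LISTS[spec.lstrip("!")]
    return (iface in members) != negate


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every matcher set on the rule must agree with the packet (AND semantics)."""
    checks = (
        rule.chain == pkt.chain,
        rule.conn_state is None or pkt.conn_state in rule.conn_state,
        rule.in_iface is None or pkt.in_iface == rule.in_iface,
        rule.out_iface is None or pkt.out_iface == rule.out_iface,
        rule.in_list is None or in_interface_list(pkt.in_iface, rule.in_list),
        rule.out_list is None or in_interface_list(pkt.out_iface, rule.out_list),
        rule.protocol is None or pkt.protocol == rule.protocol,
        rule.dst_port is None or pkt.dst_port == rule.dst_port,
    )
    return all(checks)


# /ip firewall filter in the posted order; rule numbers reported below are 1-based.
RULES = [
    Rule("fasttrack-connection", "forward", frozenset({"established", "related"})),
    Rule("accept", "input", frozenset({"established", "related", "untracked"})),
    Rule("accept", "input", in_list="internal", protocol="udp", dst_port=123),
    Rule("accept", "forward", frozenset({"established", "related", "untracked"})),
    Rule("accept", "forward", in_list="internal", out_list="untrust"),
    Rule("accept", "forward", in_list="trust", out_list="untrust"),
    Rule("accept", "forward", in_list="guest", out_list="untrust"),
    Rule("accept", "forward", in_iface="bridge0", out_iface="bridge0"),
    Rule("drop", "forward"),
    Rule("drop", "input", in_list="!mgmt"),
]


def evaluate(pkt: Packet, rules=RULES) -> Tuple[str, Optional[int]]:
    """Walk the chain top to bottom; return (action, rule number) of the first
    terminating match, or ('accept', None) when the chain runs out unmatched."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt) and rule.action not in NON_TERMINATING:
            return rule.action, number
    return "accept", None


if __name__ == "__main__":
    # Constructed samples: a new printer connection between two bridge ports,
    # once as the router reports it (bridge0) and once as the poster expected (vlan10).
    for label, pkt in [
        ("reported as bridge0 -> bridge0", Packet("forward", "bridge0", "bridge0")),
        ("reported as vlan10 -> vlan10", Packet("forward", "vlan10", "vlan10")),
        ("vlan10 -> pppoe0 (internet)", Packet("forward", "vlan10", "pppoe0")),
    ]:
        print(f"{label:32s} -> {evaluate(pkt)}")
```

With the rules exactly as posted, a new connection reported as bridge0 to bridge0 is accepted by rule 8 and one reported as vlan10 to vlan10 falls through to the rule 9 drop, because vlan10 is only a member of trust and the trust rule also requires the out interface to be in untrust. Changing a rule or a list membership in the script and re-running it is a quick way to check what a firewall change would do before touching the router.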