This would be the best solution, but I tried to do this except src-port=68 with logging the packets.IIRC you will have to both identify and drop packets in the bridge. Using the IP firewall to identify them would be too late in the packet flow as the packet will have left the bridge by that point.
The minimal case to drop any DHCP requests via a bridge port would be
/interface bridge filter
add action=drop chain=input mac-protocol=ip ip-protocol=udp src-port=68 dst-port=67
Is seems the packets do not go through this bridge filter rule.
Noticed HW offload is turned on -> turned off. Then set the mac-protocol=vlan - then I could log the packets.
Great, but could not filter - for the ip-protocol=udp src-port=68 dst-port=67.
Any suggestions on how to go forward?
Tried differend devices, RouterOS 7.13.
Statistics: Posted by sdombora — Sun Jan 14, 2024 8:00 pm