Re: [Mikrotik] Firewall rules for blocking customer DHCP

Tue, 29 Nov 2011 10:47:48 -0800 

/interface bridge filter
add action=log chain=forward comment="log dhcp servers on 192.168/16" \
    disabled=no dst-address=255.255.255.255/32 ip-protocol=udp log-prefix=\
    "blocked dhcp server" mac-protocol=ip src-address=192.168.0.0/16 \
    src-port=67-68
add action=drop chain=forward comment="drop dhcp servers on 192.168/16" \
    disabled=no dst-address=255.255.255.255/32 ip-protocol=udp mac-protocol=\
    ip src-address=192.168.0.0/16 src-port=67-68

/interface bridge settings
set use-ip-firewall=yes

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Tue, Nov 29, 2011 at 1:57 AM, Josh Luthman
<[email protected]> wrote:
> Figuring that's what I would do, but didn't want to go out and test it if
> someone else had.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Nov 29, 2011 1:35 AM, "Bill Prince" <[email protected]>
> wrote:
>>
>> Why not do what Canopy does and just block the DHCP server port (port 67)?
>>
>> bp
>>
>>
>> On 11/28/2011 8:27 PM, Josh Luthman wrote:
>>>
>>> Does anyone have this handy and tested to confirm it is working?  I'm
>>> looking for rules that would be used on the customer CPE when
>>> bridged/wds.
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>> _______________________________________________
>>> Mikrotik mailing list
>>> [email protected]
>>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>>
>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>> RouterOS
>>>
>> _______________________________________________
>> Mikrotik mailing list
>> [email protected]
>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>
>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>> RouterOS
>
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

Reply via email to