Would that permit the customer to still have a dhcp client behind it? In my case, the customer would have a wlan1/ether1 wds bridge.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Nov 30, 2011 at 3:37 AM, Butch Evans <[email protected]> wrote:
> On Mon, 2011-11-28 at 23:27 -0500, Josh Luthman wrote:
>> Does anyone have this handy and tested to confirm it is working? I'm
>> looking for rules that would be used on the customer CPE when
>> bridged/wds.
>
> In this example, ether1 is the physical port connecting to customer.
> Modify as needed.
>
> /interface bridge filter
> add action=drop chain=forward disabled=no \
>     dst-port=68 in-interface=ether1 \
>     ip-protocol=udp mac-protocol=ip src-port=67
>
> This would drop a DHCPOFFER packet originating on the ether1 (customer)
> side of the bridge. You wouldn't have to have more than this to prevent
> a customer's DHCP server from exiting their CPE onto the larger network.
>
> --
> ********************************************************************
> * Butch Evans                   * Professional Network Consultation *
> * http://www.butchevans.com/    * Network Engineering               *
> * http://store.wispgear.net/    * Wired or Wireless Networks        *
> * http://blog.butchevans.com/   * ImageStream, Mikrotik and MORE!   *
> *          NOTE THE NEW PHONE NUMBER: 702-537-0979                  *
> ********************************************************************
>
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://www.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
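An added illustration, not part of the thread and not RouterOS code: a small Python model of the match conditions in the quoted bridge filter rule, run over constructed frames to show which DHCP direction it matches. DHCP servers reply from UDP port 67 to port 68, while clients send from 68 to 67; the function names and sample frames are assumptions made for this example.

```python
import struct

# Match conditions copied from the quoted rule (action=drop, chain=forward).
RULE = {"in_interface": "ether1", "ethertype": 0x0800,  # mac-protocol=ip
        "ip_proto": 17,                                 # ip-protocol=udp
        "src_port": 67, "dst_port": 68}

def parse_udp_ports(frame):
    """Return (src_port, dst_port) of an untagged IPv4/UDP frame, else None."""
    if len(frame) < 14 + 20:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != RULE["ethertype"]:
        return None                      # not IPv4, so mac-protocol=ip fails
    ver_ihl = frame[14]
    ihl = (ver_ihl & 0x0F) * 4           # header length varies with IP options
    if ver_ihl >> 4 != 4 or ihl < 20 or frame[14 + 9] != RULE["ip_proto"]:
        return None
    if struct.unpack_from("!H", frame, 14 + 6)[0] & 0x1FFF:
        return None                      # later fragments carry no UDP header
    l4 = 14 + ihl
    if len(frame) < l4 + 8:
        return None
    return struct.unpack_from("!HH", frame, l4)

def verdict(in_interface, frame):
    """'drop' only when every condition of the modelled rule matches."""
    ports = parse_udp_ports(frame)
    if (in_interface == RULE["in_interface"]
            and ports == (RULE["src_port"], RULE["dst_port"])):
        return "drop"
    return "accept"

def build_frame(src_port, dst_port, ip_options=b""):
    """Constructed sample: zeroed MACs and addresses, only the fields the rule reads."""
    ihl_words = 5 + len(ip_options) // 4
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = (bytes([0x40 | ihl_words, 0])
          + struct.pack("!HHHBBH", ihl_words * 4 + 8, 0, 0, 64, 17, 0)
          + bytes(8) + ip_options)
    return eth + ip + struct.pack("!HHHH", src_port, dst_port, 8, 0)

if __name__ == "__main__":
    samples = [("ether1", 67, 68, "server reply entering from customer side"),
               ("ether1", 68, 67, "client request entering from customer side"),
               ("wlan1", 67, 68, "server reply entering from network side")]
    for iface, sport, dport, label in samples:
        print(f"{label}: {verdict(iface, build_frame(sport, dport))}")
```

In this model only server-to-client traffic (67 to 68) arriving on ether1 is dropped; client-originated traffic on ether1 and server replies arriving on wlan1 do not match the rule.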

