On Wed, 2011-11-30 at 08:13 -0500, Josh Luthman wrote: > Would that permit the customer to still have a dhcp client behind it? > In my case, the customer would have a wlan1/ether1 wds bridge.
If we use the in-interface=ether1 in the rule, we are limiting DHCPOFFER coming from a DHCP server that exists on ether1. So it should not interfere with a server on the WAN side (wlan1). This rule will ONLY limit the DHCPOFFER packet, which is always src-port=67 and dst-port=68. This is detailed here: http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Technical_details DHCP-client requests are src-port=68 and dst-port=67, server responses are the opposite. > > /interface bridge filter > > add action=drop chain=forward disabled=no \ > > dst-port=68 in-interface=ether1 \ > > ip-protocol=udp mac-protocol=ip src-port=67 > > -- ******************************************************************** * Butch Evans * Professional Network Consultation * * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * * NOTE THE NEW PHONE NUMBER: 702-537-0979 * ******************************************************************** _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
