Chupaka and Butch. This rule is on a router that has a bridge for LAN ports, and the DHCP server is run on that bridge. "Use IP Firewall" is enabled for the bridge as well. I am glad you are seeing the same lack of result I did, Butch. In my case I want to act on DHCP server traffic that does NOT originate from the router, i.e. rogue DHCP traffic. To that end I don't really need to catch the legit server traffic, but I was trying to prove where it was or wasn't so I could write my rules accordingly.

"For others that answered, the rule that Ty posted IS the right format and in the right chain." - Well, I did learn from the best... ;)

-Ty

On Fri, Jan 24, 2014 at 3:00 AM, Chupaka <[email protected]> wrote:

> AFAIR, DHCP uses something like RAW_SOCKET or even more low-level functions, so the only way to catch its packets is to create a bridge (with a single port - the necessary interface) and use bridge filter (or enable 'use-ip-firewall').
>
> --
> Signature:
> (appended to the end of all outgoing messages)
>
> 2014/1/24 Butch Evans <[email protected]>
>
> > On 01/23/2014 11:13 AM, Ty Featherling wrote:
> >
> > > Can someone confirm that you CANNOT manage traffic FROM the DHCP Server on a Mikrotik with IP Firewall?
> > >
> > > To test this I added the rule:
> > >
> > > add action=log chain=output disabled=no protocol=udp src-port=67
> >
> > DHCP Conversation looks like this:
> >
> > DHCPDISCOVER
> >   client:      UDP src-addr 0.0.0.0         sport=68
> >                    dst-addr 255.255.255.255 dport=67
> >
> > DHCPOFFER
> >   DHCP server: UDP src-addr server.ip.addr  sport=67
> >                    dst-addr 255.255.255.255 dport=68
> >
> > DHCPREQUEST -
> >   From client, just like discover
> >
> > DHCPACK -
> >   From server, just like offer
> >
> > SO, your rule should show the DHCPOFFER and the DHCPACK traffic. My first guess about why it isn't showing up would be if the interface in question is on a bridge and the "use-ip-firewall" option isn't on for the bridge. Barring that, I suspect you should be able to see the traffic in the logs. I just did a test on a router here and it didn't show up there, either. Very odd. Perhaps a bit more research on my part is in order. Maybe, because the traffic is all broadcast type, the IP firewall isn't seeing the traffic? I don't know. I'll play with this a bit more and see what I can discover.
> >
> > For others that answered, the rule that Ty posted IS the right format and in the right chain.
> >
> > --
> > Butch Evans
> > 702-537-0979
> > Network Support and Engineering
> > http://store.wispgear.net/
> > http://www.butchevans.com/
> >
> > _______________________________________________
> > Mikrotik mailing list
> > [email protected]
> > http://mail.butchevans.com/mailman/listinfo/mikrotik
> >
> > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
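Chupaka's point is where Ty's rogue-DHCP rules actually belong: both the router's own DHCP server replies and any rogue server's OFFER/ACK arriving on a LAN port are seen by the bridge filter, not by the `/ip firewall filter` output chain. The configuration below is an added example, not something posted in the thread or taken from MikroTik's documentation. It assumes RouterOS 6 with a bridge named `bridge1` whose member ports are the LAN ports, the router itself as the only legitimate DHCP server on that bridge, and a hypothetical bridge MAC address `D4:CA:6D:00:00:01` for the `valid-server` list; the log prefixes are also made up here.

```routeros
# Added example (not from the thread). Assumptions: bridge1 = LAN bridge,
# the router is the only legitimate DHCP server on it, and
# D4:CA:6D:00:00:01 is the router's bridge MAC (hypothetical value).

/interface bridge
# Lets /ip firewall see bridged IP traffic in general; on its own it did not
# make the server's chain=output DHCP visible in the thread, so the bridge
# filter rules below do the real work.
set [find name=bridge1] use-ip-firewall=yes

/interface bridge filter
# Server->client DHCP is UDP sport 67 -> dport 68 (the OFFER/ACK layout Butch
# listed). The legitimate server is the router, whose replies leave via
# chain=output and never *enter* through a bridge port, so any such frame
# being forwarded from one port to another is a rogue server. Log, then drop.
add chain=forward mac-protocol=ip ip-protocol=udp src-port=67 dst-port=68 action=log log-prefix="rogue-dhcp"
add chain=forward mac-protocol=ip ip-protocol=udp src-port=67 dst-port=68 action=drop

# Also stop the router itself from accepting offers from a rogue server on a
# LAN port. Omit this rule if the router runs a DHCP *client* on bridge1.
add chain=input mac-protocol=ip ip-protocol=udp src-port=67 dst-port=68 action=drop

# Visibility check for the original question: the router's own OFFER/ACK should
# appear here, in the bridge output chain, even though /ip firewall chain=output
# showed nothing. Log only; do not drop your own server's replies.
add chain=output mac-protocol=ip ip-protocol=udp src-port=67 dst-port=68 action=log log-prefix="dhcp-srv-out"

/ip dhcp-server alert
# Built-in rogue-server detection: RouterOS sends its own DISCOVER on the
# interface and logs any server that answers from a MAC not in valid-server.
add interface=bridge1 valid-server=D4:CA:6D:00:00:01 alert-timeout=1h disabled=no on-alert=":log warning \"rogue DHCP server answered on bridge1\""
```

To confirm the rules are matching, release/renew a lease on a LAN client and look at `/interface bridge filter print stats` (the `dhcp-srv-out` rule's counters should move with each OFFER/ACK the router sends) and `/log print where message~"rogue-dhcp"`. If a legitimate DHCP server other than the router sits on one of the bridge ports, add `in-interface=<that port>` exemption rules (action=accept) above the forward drop, or the exchange will be blocked.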

