I have done the same on UBNT bridged radios with a rule dropping udp port 67 on the eth port for the customer radio or the WLAN on the AP.
-Ty On Mar 3, 2014 7:28 PM, "Ty Featherling" <[email protected]> wrote: > I have a single rule on my tower routers that drops udp source port 67 > with an IN interface of bridgeLAN which is the bridge my APs are in and > also the bridge my DHCP server runs. Works a treat. > > -Ty > On Mar 3, 2014 5:23 PM, "Josh Luthman" <[email protected]> > wrote: > >> Canopy can certainly block bootp servers and let the client pull DHCP. >> They broke it out I think late v9 or early v10? The idea that it works >> on >> egress/ingress makes sense. That can't be done on a bridged MT/AirOS can >> it? >> >> >> Josh Luthman >> Office: 937-552-2340 >> Direct: 937-552-2343 >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> >> On Mon, Mar 3, 2014 at 6:05 PM, Bill Prince < >> [email protected]> wrote: >> >> > There are both. Pick either/or both or neither. >> > >> > bp >> > >> > >> > On 3/3/2014 2:16 PM, Eric Muehleisen wrote: >> > >> >> I thought that all the filter does in the SM is block bootp server >> (port >> >> 67) egress. But it allows bootp client (port 68) ingress. >> >> >> >> >> >> On Mon, Mar 3, 2014 at 3:38 PM, Josh Luthman < >> [email protected] >> >> >wrote: >> >> >> >> Is this possible with a layer 3 firewall? In a packet capture it >> doesn't >> >>> really look possible due to the broadcast nature of it, but I thought >> I'd >> >>> ask. >> >>> >> >>> It's doable in Canopy, but I wonder how it's actually being done. >> >>> >> >>> Josh Luthman >> >>> Office: 937-552-2340 >> >>> Direct: 937-552-2343 >> >>> 1100 Wayne St >> >>> Suite 1337 >> >>> Troy, OH 45373 >> >>> -------------- next part -------------- >> >>> An HTML attachment was scrubbed... >> >>> URL: < >> >>> http://mail.butchevans.com/pipermail/mikrotik/ >> >>> attachments/20140303/fc6e1742/attachment.html >> >>> _______________________________________________ >> >>> Mikrotik mailing list >> >>> [email protected] >> >>> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >>> >> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> >>> RouterOS >> >>> >> >>> -------------- next part -------------- >> >> An HTML attachment was scrubbed... >> >> URL: <http://mail.butchevans.com/pipermail/mikrotik/ >> >> attachments/20140303/32e01882/attachment.html> >> >> _______________________________________________ >> >> Mikrotik mailing list >> >> [email protected] >> >> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >> >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> >> RouterOS >> >> >> >> >> > _______________________________________________ >> > Mikrotik mailing list >> > [email protected] >> > http://mail.butchevans.com/mailman/listinfo/mikrotik >> > >> > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> > RouterOS >> > >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: < >> http://mail.butchevans.com/pipermail/mikrotik/attachments/20140303/636b9e4b/attachment.html >> > >> _______________________________________________ >> Mikrotik mailing list >> [email protected] >> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140303/295b6c1e/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
