![]() Should prevent devices with MAC addresses x:x:x:x:x:x and y:y:y:y:y:y:y from accessing any other IP addresses than private, multicast, and broadast ones. ![]() ![]() ![]() MAC address is normally relevant only on L2 interfaces and in L2 (bridge) firewall rules to make 元 (IP) firewall rules match on MAC address, you have to activate use-ip-firewall under /interface bridge settings, which currently causes so many surprises in the IP firewall operation that it is better to avoid it.Ĭhain=input action=jump jump-target=prohibit-internet-access src-mac-address=x:x:x:x:x:x/ff:ff:ff:ff:ff:ffĬhain=input action=jump jump-target=prohibit-internet-access src-mac-address=y:y:y:y:y:y/ff:ff:ff:ff:ff:ffĬhain=filter-internet-access action=accept mac-protocol=ip dst-address=255.255.255.255Ĭhain=filter-internet-access action=accept mac-protocol=ip dst-address=224.0.0.0/4Ĭhain=filter-internet-access action=accept mac-protocol=ip dst-address=192.168.0.0/16Ĭhain=filter-internet-access action=accept mac-protocol=ip dst-address=172.16.0.0/12Ĭhain=filter-internet-access action=accept mac-protocol=ip dst-address=10.0.0.0/8 ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |