interface bridge filter
add action=log chain=filter disabled=no \
ip-protocol=udp log-prefix="" mac-protocol=ip src-port=67-68
add action=log chain=input comment="Block DHCP servers on 10.0.0.0/21" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp log-prefix=\
"ALERT ROGUE DHCP (BLOCKED)" mac-protocol=ip src-address=10.0.0.0/21 \
src-port=67-68
add action=drop chain=input comment="Block DHCP servers on 10.0.0.0/21" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp mac-protocol=ip \
src-address=10.0.0.0/21 src-port=67-68
/ip firewall mangle
add action=change-ttl chain=postrouting new-ttl=set:1 out-interface=OUT
add action=change-ttl chain=prerouting in-interface=in new-ttl=increment:1
مع مراعاة تغيير اسماء كرت الدخول والخروج والايبي الخاص بشبكتك
add action=log chain=filter disabled=no \
ip-protocol=udp log-prefix="" mac-protocol=ip src-port=67-68
add action=log chain=input comment="Block DHCP servers on 10.0.0.0/21" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp log-prefix=\
"ALERT ROGUE DHCP (BLOCKED)" mac-protocol=ip src-address=10.0.0.0/21 \
src-port=67-68
add action=drop chain=input comment="Block DHCP servers on 10.0.0.0/21" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp mac-protocol=ip \
src-address=10.0.0.0/21 src-port=67-68
/ip firewall mangle
add action=change-ttl chain=postrouting new-ttl=set:1 out-interface=OUT
add action=change-ttl chain=prerouting in-interface=in new-ttl=increment:1
مع مراعاة تغيير اسماء كرت الدخول والخروج والايبي الخاص بشبكتك