Bridge Filter

You are here:
< All Topics

This function allows You to block packets based on type when it sends in bridge mode. You can for example block multicast or IPv6 packets to not be forwarded in upstream/downstream or both direction.

Whole configuration is easy and can be done through web interface or XML provisioning.

Function works only with interfaces in brige mode (HGU).

Web configuration

To configure this function go to Security -> Bridge Filter and choose the enable radio button. On the table below choose which type of packet do You want to filter and check the box for proper bridge interface (available here are only active bridge interfaces).

XML provisioning

To configure bridge filter through XML file, enter below attributes to section HALNyUniversalProvisioning -> HALNyConfiguration -> Other.


ENABLE_BRIDGE_FIREWALL – put YES to enable Bridge Filter
IPv6_UPSTREAM_BlockSTP_BPDU_DOWNSTREAM_Block – enter WANX, where X is the number of WAN interface, You can set a couple of interfaces to one block rule, by separate them by “,” char – for example, to choose IPv6_UPSTREAM_Block rule for WAN1 and WAN2 interface enter :


In StormControl_Limit you configure the number of broadcast packets that be limited if You enable StormControl rule (this attribute is necessary if You set StormControl_Block). You can enter here only 64, 256,1024 or 4096 packets/s.

Type of filtered traffic

IPv6 – each packet of IPv6 based on the protocol IPv6 ethertype
Multicast – each packet based on destination MAC pattern 01:00:5e:00:00:00
FlowControl – each packet based on destination MAC pattern 01:80:c2:00:00:01
each packet based on destination port UDP:137,138 and TCP 139,445
– limit number of a broadcast packets per second which be forrwarded
– each packet based on destination MAC pattern 01:80:c2:00:00:00

Table of Contents