Setting the gateway on wide open rule does not restrict traffic to other subnets
-
Hello,
The problem I am facing,
Despite setting the gateway to a wide open firewall rule, the traffic still goes to the main LAN. I am not sure why. I took inspiration from this video: https://youtu.be/AZ_ju6pCbow
My setup,
I am using a two port mini PC as a firewall box. There are 2 ports:
- port 0 is WAN
- port 1 is LAN/TRUNK
I have a switch attached to port 1 on the firewall.
I have created a VLAN for my access point and tagged it on the port connected to the firewall and untagged it on the port where the access point is connected.
I have set some firewall rules on the AP VLAN:
- allow DNS on 53 to firewall
- deny all other to firewall
- allow IPv4/IPv6 to any, via GATEWAY
I have no other rules or floating rules. The LAN is open wide, however I am leaving it as is. I set the rules on the APVLAN interface as it is the place where the traffic is coming in.
I am a hobbyist. I am probably missing something obvious.
Thank you!
Edit:
I finally figured it out! For some reason, PF was trying to monitor my gateways. However, I am behind CG-NAT, and the gateways were marked as down. As soon as I edited the gateways and marked them as always on, this issue no longer reproduced.
Could someone explain to me why this would happen?
-
@watermellon_eater22 said in Setting the gateway on wide open rule does not restrict traffic to other subnets:
Could someone explain to me why this would happen?
It is in the documentation.
-
@Bob-Dig oh wow thank you! I totally missed this!
I went through the docs a few times, but I did not notice it.
Thanks again!