Block traffic between VLANs
-
Hi,
I have a number of VLANs set up, how can I prevent traffic from going between the VLANs? Would I have to put separate block rules for each VLAN on each opt interface?
Is there an easier way?
Thanks
Zack
-
Would I have to put separate block rules for each VLAN on each opt interface?
Yes. I would use two rules above the default rule.
Allow destination opt lan address
Block destination 192.168.0.0/16
If IP range doesn't match a CIDR, then use an alias
-
Hi There,
Don't mean to hijack this thread, but I am trying to do the same thing, block traffic between VLANs and give VLANs access to WAN. I just can't seem to get this working!
-
I'd do it this way:
1.) create an ALIAS containing all local subnets (all_local_subnets)
2.) On each interface create three rules:
- allow all to own subnet range
- allow all but ALIAS all_local_subnets
- deny the rest.
The order of these rules is important.
If that's not enough then you need to provide more info on your setup.
-
Thanks, that seemed to do the trick! Didn't even think about using Aliases!
-
Some great info there! Thanks a lot
Zack
-
Glad it helped.
It is basically what Perry said before only with different weapons.
The last 'deny the rest' is there automatically. I like to have it as a separate rule to not forget about it. ;)
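
The three per-interface rules from the alias suggestion in this thread, modeled as an added example (not code from any poster or from the firewall itself): a first-match, top-down evaluator with the implicit deny, plus an audit that flags inter-VLAN leaks and lost access. Interface names, subnets and the 203.0.113.7 stand-in for a WAN host are constructed assumptions.

```python
import ipaddress as ip

# Constructed sample addressing; interface names and subnets are assumptions.
VLANS = {
    "opt1": ip.ip_network("192.168.10.0/24"),
    "opt2": ip.ip_network("192.168.20.0/24"),
    "opt3": ip.ip_network("10.50.0.0/24"),
}
ANY = [ip.ip_network("0.0.0.0/0")]

def rules_for(iface, alias, deny_first=False):
    """The three per-interface rules from the thread as (action, nets, invert)."""
    rules = [
        ("pass", [VLANS[iface]], False),   # allow all to own subnet range
        ("pass", alias, True),             # allow all but alias all_local_subnets
        ("block", ANY, False),             # deny the rest
    ]
    return rules[::-1] if deny_first else rules

def verdict(rules, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    dst = ip.ip_address(dst)
    for action, nets, invert in rules:
        if any(dst in n for n in nets) != invert:
            return action
    return "block"

def audit(alias, deny_first=False):
    """Return findings: inter-VLAN leaks and lost own-subnet or WAN access."""
    findings = []
    for src in VLANS:
        rules = rules_for(src, alias, deny_first)
        for dst_if, net in VLANS.items():
            want = "pass" if dst_if == src else "block"
            host = str(net.network_address + 10)
            if verdict(rules, host) != want:
                findings.append((src, dst_if, verdict(rules, host)))
        if verdict(rules, "203.0.113.7") != "pass":   # TEST-NET-3 stands in for WAN
            findings.append((src, "wan", "block"))
    return findings

if __name__ == "__main__":
    full = list(VLANS.values())
    print("complete alias:", audit(full))
    print("alias missing opt3:", audit(full[:2]))
    print("deny rule first:", audit(full, deny_first=True))
```

The second audit shows the failure mode of the alias approach: a subnet left out of all_local_subnets stays reachable from every other VLAN, so the alias has to be updated whenever a VLAN is added.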