Isolate two interfaces firewall rules not working
-
Did you change your rules to be the way i described them?
Can you show a screenshot of your current rules? -
yes i did, i will send a screenshot in the morning.
but even with no rules shouldnt it block it. since there is an invisible deny all rule. -
Yes if you have no rules at all then everything should be blocked.
-
here are the screenshots with no rules, it should block the traffic from one interface (subnet) to another (subnet)
https://www.dropbox.com/s/g44e9q50b8hc8uy/firewall%20-%20%20floating.png
https://www.dropbox.com/s/urcibwd0k4nytj6/firewall%20-%20lan.png
https://www.dropbox.com/s/ovjs1fr0pdcyj51/firewall%20-%20wlan.png
https://www.dropbox.com/s/lneaufs6bnm7qs9/ping.jpgi will post the other screen shots with the rules, but regardless it should not allow u to ping unless some of my other settings are wrong.
edit: removed img tags
-
I don't see any screenshots
-
On the LAN and the WLAN tab you obviously have the "default allow LAN/WLAN to any rule".
This is not "no rule". -
wow how did i not see that, ok will change it to lan to wan - Default allow lan to Wan rule.
-
Don't forget to clear states if you're going to immediately test after making changes like this.
-
yes i did, perfect. thank you both for your help.
-
wow how did i not see that, ok will change it to lan to wan - Default allow lan to Wan rule.
A rule like "Pass protocol any source LANnet destination WANnet" will not be much use, because you actually want to allow traffic from LANnet to "the big bad public internet", not just traffic to your WANnet.
So you will likely want rules like:"Pass protocol any source LANnet destination not WLANnet"
"Pass protocol any source WLANnet destination not LANnet"or some other combination of pass and block rules to achieve a similar effect.
