Firewall Rules Structure Question
-
Regarding firewall rules, I would like to set up types of VLANs:
LAN acccess only with whitelist
WAN access only with whitelist
LAN and WANI've figured out how to block specific IP's from WAN in the LAN firewall rules, but I haven't figured out how to add a "block all WAN" and have an "allow this alias" access to WAN.
Also, I cannot figure out how to block LAN access at all. Any suggesstions?I'm thinking of how to do this the best way:
The aliases will have the VLAN subnets in them.VLAN10 - LAN acccess only with whitelist:
Allow "alias10" LAN access
Block all WAN access
Block all LAN accessVLAN20 - WAN access only with whitelist:
Allow "alias20" WAN access
Block all WAN access
Block all LAN accessVLAN30 - LAN and WAN:
This one will be trusted so Allow all is fine. -
Is there an implicit deny that's invisible on the interfaces already?
-
Yes all interface have a default deny.. That is not shown in the gui.. There has been discussion of allowing this to be shown in the gui.. But its a given that if no allow rule then traffic is deny..
You might place a specific deny on the interface to deny stuff you don't want logged by the default deny, etc. Or if you just like to see it when looking at you rules.
