Help with rules from DMZ to Internet with limited LAN access

_neok

Hello everyone!
I have a computer (anti-spam) on my DMZ, exposed to the internet with a NAT on one of my WANs.
I have a working rule that allows you to communicate with two IP addresses on my LAN and nothing else. So far, so good.
Now, I need that computer to be able to connect to the Internet, but not to the rest of my LAN.
If I set up a DMZ to any rule it connects to the internet but also to the entire LAN.
How and where do you recommend that I set up the rules to communicate to the Internet and only to the IP addresses of my LAN that I tell you?
Thank you very much for any hint!
Warm greetings

Gabriel

dzeanah

Add a rule that denies access to the LAN from this machine, and have it processed before the allow all rule?

NogBadTheBad

@Derek:

Add a rule that denies access to the LAN from this machine, and have it processed before the allow all rule?

^^ this

Check out the attached screenshot, replace TEST net with DMZ net, g_ip_local contains my local IP addresses.

_neok

@NogBadTheBad:

@Derek:

Add a rule that denies access to the LAN from this machine, and have it processed before the allow all rule?

^^ this

Check out the attached screenshot, replace TEST net with DMZ net, g_ip_local contains my local IP addresses.

Thank you very much for the tip! I'm gonna try it and then come back and tell you how it went.
Best regards!

georgeman

I might add that a nice approach is to generate an alias with the whole RFC1918 networks and explicitly block connections from DMZ to this alias before the allow to internet rule