FW Rules Not Blocking
I have a virtualized pfSense instance with 2 physical interfaces
WAN Access port
LAN Trunk port (with VLANs 10, 99)
I already have the trunk and vlan interfaces configured and working, however I'm running into a strange issue
VLAN10 - 10.10.20.0/24 - Labeled as VLAN10
VLAN99 - 10.10.99.0/24 - Labeled as IOT
The following rules are configured for VLAN99
VLAN10 simply has an any-to-any
Now the issue is that even though I'm blocking all of RFC1918 (as well as VLAN10) on the rules for VLAN99 I can still ping devices from VLAN10 on VLAN99 and vice versa.
When I do a trace from both VLANS I can see the traffic hitting the VLAN interface on pfSense then getting routed over to the other VLAN.
I know that this is what inter-vlan routing should be doing but shouldn't the rules on VLAN99 be blocking the packet as soon as it hits the VLAN99 interface?
I figured it out, instead of using the interface "net" option in the source and dest. I changed it over to address and now blocking works as expected.