Block traffic between VLANs



  • Hi,

    I have a number of VLANs set up. How can I prevent traffic from going between the VLANs? Would I have to put separate block rules for each VLAN on each OPT interface?
    Is there an easier way?

    Thanks

    Zack



    > Would I have to put separate block rules for each VLAN on each OPT interface?

    Yes. I would use two rules above the default rule:
    - Allow destination: OPT LAN address
    - Block destination: 192.168.0.0/16

    If the IP range doesn't match a CIDR, then use an alias.



  • Hi There,

    Don't mean to hijack this thread, but I am trying to do the same thing: block traffic between VLANs and give the VLANs access to the WAN. I just can't seem to get this working!



  • I'd do it this way:

    1.) Create an ALIAS containing all local subnets (all_local_subnets).
    2.) On each interface create three rules:
          - allow all to own subnet range
          - allow all but ALIAS all_local_subnets
          - deny the rest.

    The order of these rules is important.

    If that's not enough, then you need to provide more info on your setup.
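The two rule sets proposed in this thread (Perry's "allow interface address, block 192.168.0.0/16" pair and the three-rule alias scheme above) both rely on first-match, top-down evaluation of the rules on each interface. The following is an added example, not code from the thread or from pfSense, that models that evaluation in Python so the effect of rule order can be checked before touching a firewall. The VLAN subnets (192.168.10/20/30.0/24), the firewall holding .1 on each, and the "default allow" rule that Perry's two rules sit above are assumptions made up for the example.

```python
import ipaddress

# Constructed example topology (an assumption, not from the thread): three
# VLAN interfaces, each with its own /24, the firewall holding .1 on each.
INTERFACES = {
    "OPT1": ipaddress.ip_network("192.168.10.0/24"),
    "OPT2": ipaddress.ip_network("192.168.20.0/24"),
    "OPT3": ipaddress.ip_network("192.168.30.0/24"),
}

# The alias from the post: every local subnet, maintained in one place.
# Adding a VLAN later means adding it here plus giving it its own rule set.
ALL_LOCAL_SUBNETS = list(INTERFACES.values())

ANY = ipaddress.ip_network("0.0.0.0/0")


def iface_address(iface):
    """The firewall's own address on an interface (assumed: first host)."""
    return next(INTERFACES[iface].hosts())


def rule(action, desc, dst, negate=False):
    """One firewall rule matching on destination only (source = the VLAN)."""
    return {"action": action, "desc": desc, "dst": dst, "negate": negate}


def three_rule_set(iface):
    """The alias scheme from the post, in the order given there."""
    return [
        rule("pass", "allow all to own subnet range", [INTERFACES[iface]]),
        rule("pass", "allow all but ALIAS all_local_subnets",
             ALL_LOCAL_SUBNETS, negate=True),
        rule("block", "deny the rest", [ANY]),
    ]


def two_rule_set(iface, swapped=False):
    """Perry's scheme: two rules above an assumed existing allow-any rule."""
    rules = [
        rule("pass", "allow destination opt lan address",
             [ipaddress.ip_network(f"{iface_address(iface)}/32")]),
        rule("block", "block destination 192.168.0.0/16",
             [ipaddress.ip_network("192.168.0.0/16")]),
        rule("pass", "default allow", [ANY]),
    ]
    if swapped:  # deliberately wrong order, to show why order matters
        rules[0], rules[1] = rules[1], rules[0]
    return rules


def evaluate(rules, dst_ip):
    """First-match evaluation: the first rule that matches decides.

    A rule with negate=True matches when the destination is NOT in its
    set, which is how 'allow all but ALIAS' is expressed. Anything no
    rule matches hits the implicit default deny.
    """
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        in_set = any(dst in net for net in r["dst"])
        if in_set != r["negate"]:
            return r["action"], r["desc"]
    return "block", "implicit default deny"


if __name__ == "__main__":
    # Constructed test destinations: same VLAN, another VLAN, the Internet.
    for dst in ("192.168.10.50", "192.168.20.5", "203.0.113.9"):
        print("OPT1 ->", dst, "three-rule:", evaluate(three_rule_set("OPT1"), dst))
        print("OPT1 ->", dst, "two-rule:  ", evaluate(two_rule_set("OPT1"), dst))
    # Swapping Perry's two rules blocks the firewall's own OPT1 address too.
    print("swapped:", evaluate(two_rule_set("OPT1", swapped=True), "192.168.10.1"))
```

Two things worth noticing when running it: in the three-rule scheme the "allow to own subnet" rule is what keeps the firewall's own address on that VLAN (DNS, DHCP, the web GUI) reachable, so dropping it does more than block neighbours; and in the two-rule scheme, the block rule only covers what its destination set contains, so local subnets outside 192.168.0.0/16 would still be reachable unless the set (or an alias) is widened. The firewall is stateful, so only the first packet of a connection is evaluated and replies to allowed traffic pass without a matching rule on the other interface.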



  • Thanks, that seemed to do the trick! Didn't even think about using Aliases!



  • Some great info there! Thanks a lot

    Zack



  • Glad it helped.
    It is basically what Perry said before only with different weapons.

    The last 'deny the rest' is there automatically. I like to have it as separate rule to not forget about it.  ;)

