Block traffic between VLANs
I have a number of VLANs set up. How can I prevent traffic from going between the VLANs? Would I have to put separate block rules for each VLAN on each opt interface?
Is there an easier way?
Would I have to put separate block rules for each VLAN on each opt interface?
Yes. I would use two rules above the default rule.
Allow destination opt lan address
Block destination 192.168.0.0/16
If the IP range doesn't match a CIDR, then use an alias.
Don't mean to hijack this thread, but I am trying to do the same thing: block traffic between VLANs and give the VLANs access to WAN. I just can't seem to get this working!
I'd do it this way:
1.) create an ALIAS containing all local subnets (all_local_subnets)
2.) On each interface create three rules:
- allow all to own subnet range
- allow all but ALIAS all_local_subnets
- deny the rest.
The order of these rules is important.
If that's not enough then you need to provide more info on your setup.
Thanks, that seemed to do the trick! Didn't even think about using Aliases!
Some great info there! Thanks a lot.
Glad it helped.
It is basically what Perry said before only with different weapons.
The last 'deny the rest' is there automatically. I like to have it as a separate rule to not forget about it. ;)
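The three-rule layout from the thread, modelled as a first-match rule evaluator. This is an added example, not part of the original posts. The subnets are constructed sample values, and the names `rules_for` and `evaluate` are hypothetical.

```python
import ipaddress

# Constructed sample subnets; the thread does not give the real ones.
VLAN_SUBNETS = {
    "opt1": ipaddress.ip_network("192.168.10.0/24"),
    "opt2": ipaddress.ip_network("192.168.20.0/24"),
    "opt3": ipaddress.ip_network("192.168.30.0/24"),
}
# Step 1: the alias containing all local subnets.
ALL_LOCAL_SUBNETS = list(VLAN_SUBNETS.values())


def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def rules_for(iface):
    """Step 2: the three rules for one interface, in the order given."""
    own = VLAN_SUBNETS[iface]
    return [
        ("pass", "own subnet", lambda dst: dst in own),
        ("pass", "not all_local_subnets",
         lambda dst: not in_any(dst, ALL_LOCAL_SUBNETS)),
        ("block", "the rest", lambda dst: True),
    ]


def evaluate(rules, dst):
    """Top-down evaluation: the first matching rule decides.
    Traffic that matches no rule is blocked (the automatic deny)."""
    addr = ipaddress.ip_address(dst)
    for action, label, matches in rules:
        if matches(addr):
            return action, label
    return "block", "implicit default deny"


if __name__ == "__main__":
    rules = rules_for("opt1")
    # 203.0.113.10 is a documentation address standing in for a WAN host.
    for dst in ("192.168.10.1", "192.168.20.5", "203.0.113.10"):
        print("correct order ", dst, evaluate(rules, dst))
    # Same rules with the block moved to the top: nothing gets through.
    for dst in ("192.168.10.1", "203.0.113.10"):
        print("block on top  ", dst, evaluate(rules[::-1], dst))
```
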