Firewall rules and inter-vlan routing
After toying around with pfSense for a while now (home environment), I am still a bit confused. Everything seems to work fine. There is a concept I'm just having a bit of trouble with.
In the docs / forums, it is explained that firewall rules affect incoming traffic for that interface. So by default, an interface with no rules will not receive any incoming traffic. Makes sense.
However, when I have set up VLANs to allow a device on one VLAN to communicate with another, that does not seem to be the case.
Let's say I have two VLANs
VLAN1 & VLAN2
I'd like VLAN1 to access a machine on VLAN2.
If I were to create a firewall rule on VLAN2 interface saying "allow source VLAN1 net to destination VLAN2 net" that would not do the trick.
Rather, I must create a firewall rule on VLAN1 saying "allow to destination VLAN2".
So if rules control incoming traffic, why the seeming reversal for VLANs? I just feel like I'm missing something and want to better understand. Thanks.
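The behaviour described in the post, reproduced in a simplified model (an added example, not part of the original post and not pfSense code): rules are evaluated on the interface where a packet enters the firewall, first match wins, and replies to an allowed connection pass via state. The subnets, host addresses and the `Firewall` class are constructed for illustration.

```python
import ipaddress

# Constructed sample networks; interface names follow the post.
NETS = {"VLAN1": ipaddress.ip_network("10.0.1.0/24"),
        "VLAN2": ipaddress.ip_network("10.0.2.0/24")}

class Firewall:
    """Simplified model: rules are checked only on the interface where a
    packet enters the firewall; first match wins; no match means block."""
    def __init__(self, rules):
        self.rules = rules      # {interface: [(action, src_net, dst_net), ...]}
        self.states = set()     # (src, dst) pairs of connections already passed

    def ingress_if(self, src):
        # The ingress interface is the one whose subnet contains the sender.
        return next(n for n, net in NETS.items() if src in net)

    def forward(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Stateful filtering: a reply to an allowed connection skips the rules.
        if (dst, src) in self.states:
            return "pass (state)"
        iface = self.ingress_if(src)
        for action, s_net, d_net in self.rules.get(iface, []):
            if src in s_net and dst in d_net:
                if action == "pass":
                    self.states.add((src, dst))
                return f"{action} (rule on {iface})"
        return f"block (default deny on {iface})"

def demo():
    host1, host2 = "10.0.1.10", "10.0.2.20"
    # Rule placed on VLAN2: never consulted for traffic that enters on VLAN1.
    on_vlan2 = Firewall({"VLAN2": [("pass", NETS["VLAN1"], NETS["VLAN2"])]})
    # Rule placed on VLAN1: matches where the packet arrives.
    on_vlan1 = Firewall({"VLAN1": [("pass", NETS["VLAN1"], NETS["VLAN2"])]})
    return {
        "rule_on_vlan2": on_vlan2.forward(host1, host2),
        "rule_on_vlan1": on_vlan1.forward(host1, host2),
        "reply": on_vlan1.forward(host2, host1),
        "new_from_vlan2": Firewall(on_vlan1.rules).forward(host2, host1),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

In this model a packet from VLAN1 to VLAN2 "comes in" on the VLAN1 interface, so only VLAN1's rule list is consulted; a new connection initiated from VLAN2 is still blocked unless VLAN2 has its own rule.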