Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    block traffic between interfaces [Solved]

    Scheduled Pinned Locked Moved Firewalling
    27 Posts 4 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • noplanN
      noplan @mass
      last edited by

      @mass
      please mark topic as solved

      M 1 Reply Last reply Reply Quote 0
      • M
        mass @noplan
        last edited by

        @noplan said in block traffic between interfaces:

        @mass
        please mark topic as solved

        from where i can mark?

        1 Reply Last reply Reply Quote 0
        • kiokomanK
          kiokoman LAYER 8
          last edited by

          i don't know if you can still modify the title, i think there is a time limit for it, if you are unable to change it anymore only a moderator can do that, well.. don't you stress too much about that anyway, afaik it is not required here

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            Marked as solved ;)

            Just to throw in my 2 cents.. @kiokoman use of the alias for rfc1918 is good one... When you only have small couple of vlans not really needed. But such an alias allows for growth and ease of management of rules.

            So sure you can just block specific X net in you Y rules.. But if you also have A,B,C ... G vlans and you don't want any of them talking to any other vlan.. Alias that includes all your networks makes that easier to do.

            If you have questions on if your rules will do what you want them to do.. Just paste up your rules and explain what your wanting to do exactly. And pretty sure multiple people be happy to jump in and say yeah or nay, or hey you can do it cleaner this way. Or you forget to block firewall, so clients could still get to the wan address, etc. etc..

            When posting up rules, its always best to include all of them on the interface, and showing the specific interface they are on.. And stating that there is nothing in floating, or showing them as well if you have rules in your floating.

            This is bad way to show rules
            badway.png

            What is above that rule, what specific interface is it on?

            This is better way to show rules on an interface.

            rules.png

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            M 2 Replies Last reply Reply Quote 2
            • M
              mass @johnpoz
              last edited by

              This post is deleted!
              1 Reply Last reply Reply Quote 0
              • M
                mass @johnpoz
                last edited by

                @johnpoz said in block traffic between interfaces [Solved]:

                This is bad way to show rules

                What is above that rule, what specific interface is it on?
                This is better way to show rules on an interface.

                Sure Thanks for your advice.
                From next time onwards i will take care about this..👍

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  Yeah no problem - not meaning to call you out or anything... See that sort of posting of rules all the time... Or many like to use ascii art ;)

                  Hopefully some other users see this and when they post their rules post them so that very easy to instantly see what is going on..

                  The other pet peeve is when they obfuscate the rfc1918 space they are using ;)

                  Dude not sure what movie you watched or what tinfoil hat blog your reading... But showing that you using 192.168.1.0/24 and that your PCs IP is 192.168.1.100 isn't going to let anyone hack you ;) hehehe

                  Specifically showing that PC 1 is 192.168.1.100, and what your trying to talk to is 192.168.2.42 is helpful vs

                  confusing.png

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.