How do I set up 2 independent VLANs?

  • I currently have two VLANs set up on the interface em1. Each VLAN is configured with DHCP. VLAN2  VLAN3

    Both VLANs are working perfectly and I am able to browse the Internet.

    From here I cannot figure out how to block VLAN3 access to VLAN2 and vice versa. Basically, what I want to have is two independent networks (VLANs) with access to the same Internet (WAN) but no access to each other.

    Any ideas on how I should approach this?

  • Firewall rules - you probably have "pass all" rules. Make those more restrictive, like:
    VLAN2: Pass source VLAN2net destination !VLAN3net
    VLAN3: Pass source VLAN3net destination !VLAN2net
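
A small model for checking the two rules above before relying on them, added here as an example and not part of the original posts. It assumes per-interface rules evaluated top-down with first match winning and an implicit default deny; the subnets, addresses and function names are constructed for illustration.

```python
import ipaddress

# Assumed subnets (constructed; the thread does not state them).
NETS = {
    "VLAN2": ipaddress.ip_network("192.168.2.0/24"),
    "VLAN3": ipaddress.ip_network("192.168.3.0/24"),
}

# Rule: (action, source net, destination net or None for "any", negate destination).
PASS_ALL = {
    "VLAN2": [("pass", "VLAN2", None, False)],
    "VLAN3": [("pass", "VLAN3", None, False)],
}
RESTRICTED = {
    "VLAN2": [("pass", "VLAN2", "VLAN3", True)],  # pass VLAN2net -> !VLAN3net
    "VLAN3": [("pass", "VLAN3", "VLAN2", True)],  # pass VLAN3net -> !VLAN2net
}


def evaluate(rules, iface, src, dst):
    """Return 'pass' or 'block' for a new connection arriving on iface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, negate in rules.get(iface, []):
        src_ok = src in NETS[src_net]
        dst_ok = dst_net is None or ((dst in NETS[dst_net]) != negate)
        if src_ok and dst_ok:
            return action  # first matching rule decides
    return "block"  # nothing matched: implicit default deny


def isolated(rules):
    """True if sampled hosts in each VLAN cannot open connections to the other."""
    for a, b in (("VLAN2", "VLAN3"), ("VLAN3", "VLAN2")):
        for s in list(NETS[a].hosts())[:3]:
            for d in list(NETS[b].hosts())[:3]:
                if evaluate(rules, a, str(s), str(d)) != "block":
                    return False
    return True


if __name__ == "__main__":
    for name, rules in (("pass all", PASS_ALL), ("restricted", RESTRICTED)):
        # 203.0.113.5 is a documentation address standing in for an Internet host.
        inet = evaluate(rules, "VLAN2", "192.168.2.10", "203.0.113.5")
        print(f"{name}: isolated={isolated(rules)} internet={inet}")
```

With the "pass all" rule set the model reports the VLANs as not isolated; with the restricted rules Internet traffic still passes and cross-VLAN connections fall through to the default deny.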

