block cross-talk

hey

I started making VLANs for IoT devices, guest Wi-Fi and so on, but how do I block cross-talk?

The only way that I see is:
Drop NET-A to NET-B
Drop NET-A to NET-C
Drop NET-B to NET-A
Drop NET-B to NET-C
Drop NET-C to NET-A
Drop NET-C to NET-B

Adding one more VLAN will only make the drop list bigger and more complex with each VLAN.
Is there a smarter way?

Hi

First make firewall rules for allowed traffic and then a block rule at the end.
E.g. vlanA forward to WAN allowed
vlanB forward to WAN allowed
Then block all forward

Example:

/ip firewall filter
add chain=forward action=accept comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add chain=forward action=accept comment="port forwarding" connection-nat-state=dstnat
add chain=forward action=accept comment="access to common printer" in-interface-list=LAN out-interface=vlan10 dst-address=192.xxx.yy.10
add chain=forward action=accept comment="trusted vlan to vlanB" in-interface=vlan10 out-interface=vlan20
add chain=forward action=drop comment="drop all else"
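
The allow-list approach from the reply above, written out as a fuller forward chain. This is an added example, not part of the original posts. It assumes a router where the WAN and VLANS interface lists do not exist yet; ether1, vlan30 and the list name VLANS are hypothetical names.

```routeros
# Added example. Assumed names: ether1 (uplink), vlan30, list VLANS.
/interface list
add name=WAN
add name=VLANS

/interface list member
add list=WAN interface=ether1
add list=VLANS interface=vlan10
add list=VLANS interface=vlan20
add list=VLANS interface=vlan30

/ip firewall filter
# Replies to connections that one of the accept rules below already allowed
add chain=forward action=accept connection-state=established,related comment="established, related"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
# One rule gives every member of the VLANS list internet access
add chain=forward action=accept in-interface-list=VLANS out-interface-list=WAN comment="VLANs to internet"
# Port forwards defined in the NAT table
add chain=forward action=accept connection-nat-state=dstnat comment="port forwarding"
# Explicit inter-VLAN exceptions, one direction each
add chain=forward action=accept in-interface=vlan10 out-interface=vlan20 comment="trusted vlan10 to vlan20"
# Everything else, including all other VLAN-to-VLAN traffic, is dropped
add chain=forward action=drop comment="drop all else"
```

A new VLAN needs only one more `/interface list member` line and is isolated from the others by the final drop, so the rule count does not grow with each pair of networks. Because only new connections from vlan10 to vlan20 are accepted, vlan20 can reply to vlan10 but cannot open connections to it.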