Hi Folks …
I am almost there with my setup. However - I’d like to hear from those of you who have it - how to proceed best with the following setup.
I have 4 network interfaces:
pppoe, wlan1, Bridge-Service, Bridge-vpn (which is the LAN)
with associated subnets.
Now - I want to make sure - that traffic flowing through the RB153 can not jump from one interface/subnet to another one.
I have followed the first-art guides found on the wiki - but these do actually only protect the network from the external interface.
However - me coming from the Security side of Systems/Networks - I tend to want control on the traffic from all destinations to all destinations, forcing me to apply interface/subnet based policies.
So to my questions:
- Does anyone have an example of the configuration I have in mind? Even only for 3 networks… I’ll adapt.
- In which default chain (input, forward, output) would you place:
a. Interface based access policy
b. Inter-interface network flow policies
- In which chain would you place the address-redirections?
Thx for any hint …
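
A default-deny layout for the four interfaces named above, as an added example that is not part of the original post. The interface names come from the post; the allowed flows, the management policy, the port numbers and the 10.0.20.10 server address are assumptions made up for illustration.

```routeros
# Added example. Interface names are from the post; every allowed flow,
# port and address below is an assumed policy, not the poster's.

/ip firewall filter
# --- forward chain: packets routed THROUGH the router (inter-interface policy) ---
add chain=forward connection-state=established action=accept comment="replies to permitted flows"
add chain=forward connection-state=related action=accept
add chain=forward connection-state=invalid action=drop
# Each internal segment may reach the internet, nothing else.
add chain=forward in-interface=Bridge-vpn out-interface=pppoe action=accept comment="LAN -> internet"
add chain=forward in-interface=wlan1 out-interface=pppoe action=accept comment="WLAN -> internet"
add chain=forward in-interface=Bridge-Service out-interface=pppoe action=accept comment="Service -> internet"
# One explicit cross-segment exception (assumed): LAN may reach the service segment.
add chain=forward in-interface=Bridge-vpn out-interface=Bridge-Service action=accept comment="LAN -> Service"
# Redirected traffic reaches forward AFTER dstnat, so match the translated address and port.
add chain=forward in-interface=pppoe out-interface=Bridge-Service dst-address=10.0.20.10 protocol=tcp dst-port=80 action=accept comment="published web server"
# Everything not listed above cannot cross between interfaces.
add chain=forward action=log log-prefix="fwd-deny"
add chain=forward action=drop comment="default deny between all interfaces"

# --- input chain: packets addressed TO the router itself (interface access policy) ---
add chain=input connection-state=established action=accept
add chain=input connection-state=related action=accept
add chain=input connection-state=invalid action=drop
add chain=input in-interface=Bridge-vpn action=accept comment="router management from LAN only (assumed)"
add chain=input action=drop comment="default deny to the router"

# --- address redirection lives in the NAT table, not the filter table ---
/ip firewall nat
add chain=dstnat in-interface=pppoe protocol=tcp dst-port=8080 action=dst-nat to-addresses=10.0.20.10 to-ports=80 comment="constructed example address"
add chain=srcnat out-interface=pppoe action=masquerade
```

Rule order matters: the final drop in each chain must stay last, and any further cross-segment exception goes above it as its own in-interface/out-interface pair.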