Firewall filter rules CCR-1009

Hi,

I need help to solve an issue with a firewall filter (Firewall → Filter).

Network diagram (attached as 1.JPG)
I want to set up the following:

  • VLANs 10, 11 and 12 are not connected to each other.
  • A host in VLAN 11 is connected to the server in VLAN 10.
  • A host in VLAN 11 is connected to a range in VLAN 12 (e.g. 192.168.12.100-192.168.12.200).

Thank you!

Allow the connections first, and then block all other inter-VLAN traffic.

So you set up filter rules on the forward chain:
allow traffic from VLAN 11 to the server in VLAN 10;
allow traffic from VLAN 11 to an address list (create it under IP → Firewall → Address Lists) that contains 192.168.12.100-192.168.12.200.

Drop all other traffic from VLAN 11 to VLANs 10 and 12 by dropping everything from VLAN 11 that is not going out through the WAN interface list. Something like:

/ip firewall filter
add chain=forward in-interface=vlan_11 out-interface-list=!WAN action=drop

Do the same for VLAN 10.
Do the same for VLAN 12.

I think this should do what you need.

Thank you, I will try and report the results

Remember to keep your "allow established and related" filter rule at the top.
This ensures the return traffic from one VLAN to another is not dropped.

I would take a different approach.
I concur with the logic; it's not wrong.

My last forward rule is action=drop (drop all else):

/ip firewall filter
add action=drop chain=forward

Therefore one only needs to state explicitly what is allowed (RouterOS calls the action accept, not allow):

add action=accept chain=forward in-interface=vlan11 dst-address=<VLAN 10 server IP, 192.168.10.10?>
add action=accept chain=forward in-interface=vlan11 dst-address-list=allowedvlan12range

and the address list itself (under IP → Firewall → Address Lists):

/ip firewall address-list
add address=192.168.12.100-192.168.12.200 list=allowedvlan12range
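Putting the two replies above together (the "allow what you need, then drop" ruleset, with the established/related rule on top), here is a complete forward-chain configuration for the three VLANs. This is an added example written for this thread, not configuration posted by any participant. It assumes the VLAN interfaces are named vlan10, vlan11 and vlan12, that ether1 is the uplink, that the VLAN 10 server is 192.168.10.10, and that hosts in all three VLANs should still reach the internet; change those to match the actual setup.

```routeros
# Added example, not from the thread. Assumed names: vlan10/vlan11/vlan12 are
# the VLAN interfaces, ether1 is the uplink, 192.168.10.10 is the VLAN 10 server.

# Interface list so the rules can say "WAN" instead of a physical port.
/interface list
add name=WAN
/interface list member
add interface=ether1 list=WAN

# The permitted VLAN 12 range, referenced by name in the filter.
/ip firewall address-list
add address=192.168.12.100-192.168.12.200 list=allowedvlan12range comment="VLAN 12 hosts reachable from VLAN 11"

# Forward chain. RouterOS evaluates filter rules top to bottom and the first
# match wins, so the order below is what enforces the isolation.
/ip firewall filter
# 1. Replies to connections that were already permitted. Without this a
#    VLAN 11 host could send to the server but never see the answer, because
#    the server's reply (VLAN 10 -> VLAN 11) would hit the final drop.
add chain=forward connection-state=established,related action=accept comment="return traffic"
# 2. Packets that belong to no tracked connection.
add chain=forward connection-state=invalid action=drop comment="invalid"
# 3. The only inter-VLAN connections that may be initiated.
add chain=forward in-interface=vlan11 dst-address=192.168.10.10 action=accept comment="VLAN 11 -> VLAN 10 server"
add chain=forward in-interface=vlan11 dst-address-list=allowedvlan12range action=accept comment="VLAN 11 -> VLAN 12 range"
# 4. All VLANs may still reach the internet (assumption for this example).
add chain=forward out-interface-list=WAN action=accept comment="LAN -> internet"
# 5. Default deny: VLAN 10 <-> VLAN 11, VLAN 10 <-> VLAN 12, VLAN 12 -> VLAN 11,
#    and VLAN 11 to anything in VLAN 12 outside the listed range.
add chain=forward action=drop comment="drop all other forwarded traffic"
```

Two things worth checking after pasting this in. First, rule order: `/ip firewall filter print stats` shows each rule with its hit counters, so you can confirm that test traffic from VLAN 11 to the server increments the accept rule and that traffic from VLAN 12 to VLAN 11 increments the final drop; if a rule landed in the wrong position, `/ip firewall filter move` reorders it. Second, directionality: rules 3 only accept connections initiated from VLAN 11. A host in the 192.168.12.100-200 range can answer a VLAN 11 host (rule 1) but cannot open a connection towards VLAN 11 itself, since its first packet is `new` and reaches rule 5. That is usually what "host VLAN 11 connected with range VLAN 12" is meant to allow, but if the VLAN 12 hosts also need to initiate, a mirror-image accept with in-interface=vlan12 and src-address-list=allowedvlan12range is required. These rules cover only forwarded traffic; management access to the router itself is decided by the input chain, which this example does not touch.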