Firewall Rule between two Subnet

fpaolillo · August 29, 2015, 8:44pm

hi,
I have two Vlan:
Vlan10 - 192.168.10.0/24
Vlan15 - 192.168.15.0/24

I need:
deny any traffic from 192.168.15.0/24 to 192.168.10.0/24
Allow any traffic from 192.168.10.0/24 to 192.168.15.0/24

This is my config, but traffic continues to be enabled, from both sides

add chain=forward connection-state=new dst-address=192.168.15.0/24
src-address=192.168.10.0/24
add chain=forward connection-state=established dst-address=192.168.10.0/24
src-address=192.168.15.0/24
add action=drop chain=forward dst-address=192.168.10.0/24 src-address=
192.168.15.0/24

thansk too much

jebz · August 30, 2015, 3:12am

Look for previous rules in the list that may match first.
When changing these rules they won’t immediately stop traffic if it has an established connection. Reboot the router to drop connections and get the new rules working.
In Winbox click on the firewall rule to see how much traffic matches. This will help assist in identifying it’s effect.

fpaolillo · August 31, 2015, 10:56am

this Work Fine. thanks for your suggestions

add action=drop chain=forward comment=
“DROP New” connection-state=new
dst-address=192.168.10.0/24 src-address=192.168.15.0/24

add chain=forward comment=“allow new Conn”
connection-state=related,new dst-address=192.168.15.0/24 src-address=
192.168.10.0/24

add chain=forward comment=“Allow Estab”
connection-state=established,related dst-address=192.168.10.0/24
src-address=192.168.15.0/24