Hi There,
I was wondering if the built-in firewall is able, through a simple configuration setup, to handle zone separation, or to bind certain rules to specific interfaces?
By this I mean, e.g., I define on an RB153:
eth0 → world
eth1 → dmz
eth2 → lan
eth3 → lan
eth4 → lan
wifi0 → wifi
then define a policy of:
world → Firewall: DROP
firewall → world: DROP
lan → firewall: REJECT
lan → world: ALLOW (should be REJECT for security, but I’m lazy) …
lan → wifi: ALLOW
dmz → firewall: DROP
dmz → lan: DROP
dmz → world: ALLOW
dmz → wifi: REJECT
Etc. for wifi and so on.
The reason I’m asking is that this way it would be fairly simple to create, for example, a stop zone: if something does not work correctly or the firewall setup does not work, we have a stop zone which blocks all traffic except the open connections (e.g. we don’t want to cut off the admin while he’s in), and eventually allows some fixed IP addresses to reach the firewall itself.
Also, moving zones around would be very easy then: if, e.g., you have several customers and one customer is not a paying one, you connect him into a non-paying zone, where all he can do is go to his bank and perform a money transfer.
Any hints on how to make this easy-going? Or will I have to fiddle this all around with simple rule add-ons? That will be quite complex, IMHO…
Thx for any hint…
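
The zone policy described above, expanded into per-interface RouterOS filter rules. This is an added example, not part of the original post. The interface names are the post's own labels, and the established-connection rules and the final default-drop rules are assumptions about what the "stop zone" idea implies.

```python
# Constructed from the post: zone -> interfaces (names are the post's labels).
ZONES = {"world": ["eth0"], "dmz": ["eth1"],
         "lan": ["eth2", "eth3", "eth4"], "wifi": ["wifi0"]}
# (source zone, destination zone) -> verdict; "firewall" is the router itself.
POLICY = {
    ("world", "firewall"): "DROP",
    ("firewall", "world"): "DROP",
    ("lan", "firewall"): "REJECT",
    ("lan", "world"): "ALLOW",
    ("lan", "wifi"): "ALLOW",
    ("dmz", "firewall"): "DROP",
    ("dmz", "lan"): "DROP",
    ("dmz", "world"): "ALLOW",
    ("dmz", "wifi"): "REJECT",
}
ACTIONS = {"DROP": "drop", "REJECT": "reject", "ALLOW": "accept"}
ADD = "/ip firewall filter add "
CHAINS = ("input", "output", "forward")

def compile_rules(zones, policy, default="DROP"):
    """Expand zone-pair verdicts into ordered per-interface filter rules."""
    # Assumption: open connections survive any policy change (the admin stays in).
    rules = [f"{ADD}chain={c} connection-state=established action=accept"
             for c in CHAINS]
    for (src, dst), verdict in policy.items():
        action = ACTIONS[verdict]  # KeyError on an unknown verdict
        if dst == "firewall":      # traffic addressed to the router: input chain
            rules += [f"{ADD}chain=input in-interface={i} action={action}"
                      for i in zones[src]]
        elif src == "firewall":    # traffic the router originates: output chain
            rules += [f"{ADD}chain=output out-interface={o} action={action}"
                      for o in zones[dst]]
        else:                      # routed traffic: every interface pair
            rules += [f"{ADD}chain=forward in-interface={i} "
                      f"out-interface={o} action={action}"
                      for i in zones[src] for o in zones[dst]]
    # Assumption: zone pairs the post leaves unspecified fall through to the default.
    rules += [f"{ADD}chain={c} action={ACTIONS[default]}" for c in CHAINS]
    return rules

if __name__ == "__main__":
    print("\n".join(compile_rules(ZONES, POLICY)))
```

Moving a port to another zone is then a one-line change in `ZONES`, after which the rule set is regenerated.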