Sorry, please could you clarify what you mean by “take any subnet off the bridge” or the specific part of the config you’re referring to?
I had assigned an IP address to the bridge interface itself and there was a DHCP server “network” specified for the 192.168.88.0/24 range, however this was just left there as an “if I’ve missed something”; it’s not actively used. I’m not sure whether this may be what you’re referring to?
As far as I understand from when I set this up a while ago I have:
- Three VLANs; vlan91 (unrestricted / given the most freedom), vlan92 (IOT device separation - not really used), vlan95 (Mullvad VPN tunnel for IPv4/6 traffic)
- Two WireGuard interfaces; wg0 (external → home access), wg1 (Mullvad VPN)
- PPPoE interface for internet connectivity (through ether1)
- “Rescue” port disconnected from the bridge (ether8) in case I make a configuration mistake on the bridge
- Bridge itself with an address of 192.168.88.1/24
- Various interface lists but the most relevant list is LAN_TRUSTED (which my PC is in as part of vlan91) and should allow the most access through the firewall rules
The requirements are for my PC (static 192.168.1.10 on vlan91 and member of LAN_TRUSTED) to be able to communicate effectively with P2P servers and essentially allow me to play Helldivers 2 which is currently not possible for whatever reason.