Hi,
I am trying to isolate 2 subnets. On port 9 I have subnet 192.168.4.0/24, and on ports 2, 3, 4 a bridge with subnet 192.168.1.0/24.
I want subnet 192.168.4.0/24 to be unable to reach 192.168.1.0/24, but 192.168.1.0/24 SHOULD be able to reach 192.168.4.0/24.
I created a rule in the firewall with forward 4.0 → 1.0 DROP. It works, but it rejects traffic in both directions (4.0 → 1.0 and 1.0 → 4.0).
Why? How could I do it so that only traffic 192.168.4.0 → 192.168.1.0 is blocked?
Thanks!
/ip firewall filter
add chain=forward action=accept src-address=192.168.4.0/24 dst-address=192.168.1.0/24 connection-state=established,related comment="allow replies to connections opened from 192.168.1.0/24"
add chain=forward action=drop src-address=192.168.4.0/24 dst-address=192.168.1.0/24 connection-state=new,invalid comment="block connections initiated from 192.168.4.0/24"
add chain=input action=drop dst-address=192.168.1.1 src-address=192.168.4.0/24 comment="keep 192.168.4.0/24 off the router's 192.168.1.1 address"
The last rule is not really important but makes sure the subnet can’t connect to your router’s address in the 192.168.1.0/24 subnet.
Done.
-Chris
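As an added illustration (not part of Chris's reply or the original thread): a small Python model of the forward chain with a simplified connection tracker, showing why the original single drop rule also killed replies to connections opened from 192.168.1.0/24, while the established/related accept rule lets them through. The hosts, ports and the toy conntrack are constructed for this example.

```python
import ipaddress

# Constructed model of RouterOS forward-chain evaluation with connection tracking.
# It is not MikroTik code; it only reproduces the first-match, default-accept logic.

def flow_key(pkt):
    """Direction-independent key so a reply maps to the same tracked connection."""
    return tuple(sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])]))

def classify(pkt, conntrack):
    """Simplified conntrack: first packet of a flow is 'new', later ones 'established'."""
    return "established" if flow_key(pkt) in conntrack else "new"

def evaluate(rules, pkt, conntrack):
    """First matching rule wins; with no match the default forward policy accepts."""
    state = classify(pkt, conntrack)
    verdict = "accept"
    for rule in rules:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
            continue
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["dst"]):
            continue
        if rule.get("state") and state not in rule["state"]:
            continue
        verdict = rule["action"]
        break
    if verdict == "accept":
        conntrack.add(flow_key(pkt))   # accepted packets create/refresh the tracked flow
    return verdict

# The original poster's single stateless rule: drop everything 4.0 -> 1.0.
STATELESS = [{"src": "192.168.4.0/24", "dst": "192.168.1.0/24", "action": "drop"}]

# Chris's stateful pair: accept replies, drop new connections from 4.0 into 1.0.
STATEFUL = [
    {"src": "192.168.4.0/24", "dst": "192.168.1.0/24", "action": "accept",
     "state": {"established", "related"}},
    {"src": "192.168.4.0/24", "dst": "192.168.1.0/24", "action": "drop",
     "state": {"new", "invalid"}},
]

def simulate(rules):
    """Run three constructed packets through a ruleset and return each verdict."""
    conntrack = set()
    pkt = lambda s, sp, d, dp: {"src": s, "sport": sp, "dst": d, "dport": dp}
    return {
        # a 192.168.1.0/24 host opens a connection to 192.168.4.0/24 and gets a reply
        "1.0->4.0 SYN": evaluate(rules, pkt("192.168.1.10", 40000, "192.168.4.10", 22), conntrack),
        "4.0->1.0 reply": evaluate(rules, pkt("192.168.4.10", 22, "192.168.1.10", 40000), conntrack),
        # a 192.168.4.0/24 host tries to open its own connection into 192.168.1.0/24
        "4.0->1.0 new": evaluate(rules, pkt("192.168.4.20", 50000, "192.168.1.10", 80), conntrack),
    }

if __name__ == "__main__":
    print("stateless:", simulate(STATELESS))
    print("stateful: ", simulate(STATEFUL))
```

The stateless ruleset drops the reply packet, so the connection from 192.168.1.0/24 never completes even though its first packet was accepted; the stateful ruleset accepts the reply and still drops the connection the 192.168.4.0/24 host tries to open.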
It works perfectly. Thank you Chris!