Multiple Subnets, blocking access among them, best practice?

Hi,

I have several different subnets attached to my RB3011, which controls my home network. The question now is how to control access among the subnets in a suitable way. Currently there is one PPPoE WAN connection which has a srcnat and some firewall rules. At the beginning the dynamically created routes allow connectivity among all subnets. This is not what I want, so I am using some policy routing rules to block access, e.g.

 src-address=<LAN1>/24  dst-address=<LAN2>/24  action=drop

These policy routing rules are not easy to handle as they do not support address lists. What is your recommended way of doing access control among subnets? I could also do it in the firewall filter rules, but then these local blocking rules are somewhere between the firewall rules, which does not give an easy overview of all the stuff. I want to separate them in some way.

Thanks for the help!

Regards Toby

When you want to block traffic between networks which live on different ethernet ports or VLANs, the best way is to use the input and output interface in the forwarding rule. You don't need to specify the addresses in that case.
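What that looks like on the RB3011, as an added example that is not from the thread: the inter-subnet rules live in their own filter chain (so they stay separate from the WAN rules, which was the original concern) and match on interfaces, not addresses. The interface names ether2/ether3/ether4 and the chain name inter-lan are assumptions; RouterOS 6.41 or later is assumed for interface lists.

```routeros
# Added example, not the forum's own config. Assumes LAN1=ether2, LAN2=ether3,
# LAN3=ether4, each subnet on its own port or VLAN interface (names assumed).

# Group all internal interfaces so one jump rule covers every LAN<->LAN pair
/interface list add name=LAN comment="all internal subnets"
/interface list member add list=LAN interface=ether2
/interface list member add list=LAN interface=ether3
/interface list member add list=LAN interface=ether4

/ip firewall filter
# Send only LAN-to-LAN traffic to a dedicated chain; WAN rules stay untouched
add chain=forward action=jump jump-target=inter-lan \
    in-interface-list=LAN out-interface-list=LAN comment="LAN<->LAN policy"

# Replies to sessions that were allowed pass regardless of direction
add chain=inter-lan action=accept connection-state=established,related

# Blocks between subnets, matched on interface pair instead of address ranges
add chain=inter-lan action=drop in-interface=ether2 out-interface=ether3 \
    comment="LAN1 -> LAN2"
add chain=inter-lan action=drop in-interface=ether3 out-interface=ether2 \
    comment="LAN2 -> LAN1"
add chain=inter-lan action=drop in-interface=ether2 out-interface=ether4 \
    comment="LAN1 -> LAN3"

# Everything else goes back to the forward chain and is handled as before
add chain=inter-lan action=return

# Check that the drops are actually being hit while testing from a LAN1 host:
# /ip firewall filter print stats chain=inter-lan
```

The jump rule must sit above any generic "accept from LAN" rule in the forward chain, because a packet accepted earlier never reaches inter-lan. If several subnets are only IP addresses on one shared bridge, in-interface is that bridge for all of them and interface matching cannot tell them apart; separate VLAN interfaces are needed for this approach.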

Ah, that's a quite good idea, I will try that…