Hello,
I have problem with my RB3011UIAS-RM.
ether1 = wan port, ether2-8 = bridge, ether9 = guest1, ether10 = guest2.
all those networks have diffrent adresses. the problem is comunication betwen them, for example hosts form guest2 can communicate with guest1 hosts etc. I have made firewall rule to drop comunication betwen them and it works, i also found that blocking the trafic can be made by route rules. but even if i make rule in routing section or i make firewall rule or even both i can still ping ip assigned to router ports.
guest2 port ip = 192.168.1.1 - host from this pool can ping 192.168.100.1
guest1 port ip = 192.168.100.1 - host from this pool can ping 192.168.1.1
etc.
How to block it ?
Firewall should block by interface, not protocol and port.
When packets come in Ether9 and not going out Ether1, drop the packet Same for Ether10.
When packets come in Bridge1 and not going out Ether1, drop the packet.