Fewi, so to separate VLANs you would create a couple of Routing Rules to drop the packets assuming the VLANs are now configured on the Router on a single ethernet port?
But if I wanted a single IP in VLAN2 to access another IP in VLAN3, I would have to create a ‘lookup’ rule for this and then a drop rule for the entire IP range?