Why is this traffic being processed by the firewall?

I’ve got an address list set up that has all my private ranges on it and a firewall rule that states anything with a src or dst of that address list, drop it. This is to stop routing between local subnets.

I’ve found something weird: it is also dropping traffic within a subnet (10.102.100.0/22). How is that possible, though?

This subnet is configured on my bridge and when I enable logging on the firewall rule I can see that the in and out interfaces are both the bridge. Surely that traffic has no need to even go via the firewall since it’s part of the same subnet? The devices I can see contacting each other are connected to a switch on Eth1 that is part of the bridge.

You would need as a minimum:

  • show configuration, use this button </>
  • specify which hardware you use.

Why use such a convoluted method to control traffic?
Simply put a drop rule at the end of the forward chain, and whatever is not expressly accepted before the rule is not permitted.
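The default-deny forward chain suggested above, written out as an added RouterOS example (not configuration from either poster); the interface list names LAN and WAN and the subnet in the comment are assumptions for illustration.

```routeros
# Added example: default-deny forward chain on RouterOS.
# Assumes interface lists named LAN and WAN exist under /interface list.
/ip firewall filter
# Keep replies to connections that were already allowed.
add chain=forward action=accept connection-state=established,related \
    comment="allow established/related"
# Drop packets that belong to no known connection.
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid"
# Expressly permit the flows you want, e.g. LAN hosts reaching the WAN.
add chain=forward action=accept in-interface-list=LAN out-interface-list=WAN \
    comment="allow LAN to WAN"
# Nothing accepted above is not permitted: this catches inter-VLAN traffic
# (and any other forwarded flow) without needing a private-range address list.
add chain=forward action=drop comment="default deny"

# Check: frames switched inside one bridged subnet (e.g. 10.102.100.0/22)
# only traverse /ip firewall when the bridge hands them to the IP firewall;
# inspect that setting before assuming same-subnet traffic is never filtered.
/interface bridge settings print
```

Log the final drop rule for a while before relying on it, so any flow that was silently depending on an earlier permissive rule shows up in the log rather than as an outage.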