When I want to make another network, let's say subnet B/24 for guest wifi, or whatever, I just add firewall raw rules to drop traffic between A/24 -> B/24 and vice versa.
But I would now have to have 8 or 9 different subnets, all isolated from each other (1 fiber connection, lots of clients). Is there a way to do this with as few firewall rules as possible?
I was thinking to put all the subnets in the address list, but then I would block communication within a subnet.
So 9 different address lists, each one without one of the subnets?
Would there be performance issues with 9 entries?
I was thinking 9 core CCR or the new 4011 for the job. (heavy queues, 200 users)
Are there best practices for this scenario?
Thx