Again, a network isolation problem. I have some networks in my organisation, and some of them need to be isolated from all other networks. Now on some routers I have a bunch of similar rules, such as:
Code:
ip firewall filter add chain=forward src-address=10.0.0.0/24 dst-address=192.168.1.0/24 action=drop
ip firewall filter add chain=forward src-address=10.1.1.0/24 dst-address=192.168.1.0/24 action=drop
ip firewall filter add chain=forward src-address=10.15.12.0/24 dst-address=192.168.1.0/24 action=drop
ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=10.0.0.0/24 action=drop
ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=10.1.1.0/24 action=drop
ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=10.15.20.0/24 action=drop
...
#all combinations of paired networks
I mean:
Code:
ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=0.0.0.0/0 action=drop
ip firewall filter add chain=forward src-address=0.0.0.0/0 dst-address=192.168.1.0/24 action=drop
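Added example, not part of the original post: a small Python check that runs constructed sample flows through both rule sets shown above and returns the flows they treat differently. It models only these forward-chain drop rules, evaluated first-match with accept when nothing matches (an assumption about the rest of the ruleset); the function names and sample hosts are made up for illustration.

```python
import ipaddress

# Rule lines visible in the post (its pairwise list is elided there with "...").
PAIRWISE = """
ip firewall filter add chain=forward src-address=10.0.0.0/24 dst-address=192.168.1.0/24 action=drop
ip firewall filter add chain=forward src-address=10.1.1.0/24 dst-address=192.168.1.0/24 action=drop
ip firewall filter add chain=forward src-address=10.15.12.0/24 dst-address=192.168.1.0/24 action=drop
ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=10.0.0.0/24 action=drop
ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=10.1.1.0/24 action=drop
ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=10.15.20.0/24 action=drop
"""
WILDCARD = """
ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=0.0.0.0/0 action=drop
ip firewall filter add chain=forward src-address=0.0.0.0/0 dst-address=192.168.1.0/24 action=drop
"""
# Constructed sample flows (src, dst); all host addresses are made up.
FLOWS = [
    ("10.0.0.5", "192.168.1.10"), ("192.168.1.10", "10.1.1.7"),
    ("10.15.12.9", "192.168.1.10"), ("192.168.1.10", "10.15.12.9"),
    ("192.168.1.10", "203.0.113.10"), ("172.16.5.5", "192.168.1.10"),
    ("10.0.0.5", "10.1.1.7"),
]

def parse(text):
    """Turn 'key=value' filter lines into (src_net, dst_net, action) tuples."""
    rules = []
    for line in text.splitlines():
        kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if kv.get("chain") == "forward":
            rules.append((ipaddress.ip_network(kv["src-address"]),
                          ipaddress.ip_network(kv["dst-address"]), kv["action"]))
    return rules

def verdict(rules, src, dst):
    """First matching rule wins; a packet matching no rule is accepted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return action
    return "accept"

def differences(flows=FLOWS):
    """Flows whose verdict differs between the pairwise and wildcard sets."""
    old, new = parse(PAIRWISE), parse(WILDCARD)
    return [(s, d, verdict(old, s, d), verdict(new, s, d)) for s, d in flows
            if verdict(old, s, d) != verdict(new, s, d)]

if __name__ == "__main__":
    for s, d, old, new in differences():
        print(f"{s} -> {d}: pairwise={old} wildcard={new}")
```

The flows it reports are those that the pairwise lines visible in the post let through and the two wildcard rules drop: 192.168.1.0/24 to 10.15.12.0/24, and traffic to or from any address that has no rule pair.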