I implemented this solution to block traffic between my subnets (I have 6 of them) using addresses lists, and it works. However, when I try to make an exception rule to allow traffic between one of the subnets and a specific IP on another subnet, and I put this rule higher in the firewall filters list, it does not work. Thoughts?
This is the code to block traffic between my subnets, easily scalable if I ever need to add a subnet:
/ip firewall filter
add action=drop chain=forward comment="subnets insulation" dst-address-list=Subnets src-address-list=Subnets
/ip firewall address-list
add address=10.5.0.0/24 list=Subnets
add address=10.6.0.0/24 list=Subnets
add address=10.8.0.0/23 list=Subnets
Here is an example rule that I think should allow traffic between subnets to bypass the previous rule, but does not work:
chain=forward action=accept src-address=10.8.0.0/23 dst-address=10.6.0.151 log=no log-prefix=""
(this is a repeat of viewtopic.php?f=2&t=60451&p=743497#p743497, I thought it deserved its own thread)
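Below, as an added example that is not part of the original post and not RouterOS code, is a small Python model of first-match evaluation in the forward chain, built from the address list and the two rules in the post; the packet addresses, the connection states and the established/related rule are constructed assumptions. It shows what rule order is expected to do and also that the reply packets of a permitted connection are matched against the same rules, so they hit the subnet drop rule unless an earlier rule accepts established/related traffic.

```python
import ipaddress

# Address list taken from the post; everything else below is constructed.
ADDRESS_LISTS = {"Subnets": ["10.5.0.0/24", "10.6.0.0/24", "10.8.0.0/23"]}

def _in(addr, spec):
    """addr lies inside the network given by spec (a bare host address is a /32)."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    """Every matcher present on the rule must agree with the packet (AND semantics)."""
    checks = {
        "src-address": lambda v: _in(pkt["src"], v),
        "dst-address": lambda v: _in(pkt["dst"], v),
        "src-address-list": lambda v: any(_in(pkt["src"], n) for n in ADDRESS_LISTS[v]),
        "dst-address-list": lambda v: any(_in(pkt["dst"], n) for n in ADDRESS_LISTS[v]),
        "connection-state": lambda v: pkt["state"] in v.split(","),
    }
    return all(checks[k](v) for k, v in rule.items() if k in checks)

def evaluate(rules, pkt):
    """First matching rule wins; a filter chain with no match accepts the packet."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"

# The two rules from the post, plus an assumed connection-state rule.
DROP_BETWEEN_SUBNETS = {"action": "drop", "src-address-list": "Subnets", "dst-address-list": "Subnets"}
EXCEPTION = {"action": "accept", "src-address": "10.8.0.0/23", "dst-address": "10.6.0.151"}
ESTABLISHED = {"action": "accept", "connection-state": "established,related"}

def pkt(src, dst, state="new"):
    return {"src": src, "dst": dst, "state": state}

def demo():
    first = pkt("10.8.0.5", "10.6.0.151")                  # constructed: 10.8.x host -> allowed host
    reply = pkt("10.6.0.151", "10.8.0.5", "established")   # constructed: the reply packet
    other = pkt("10.8.0.5", "10.6.0.10")                   # constructed: 10.8.x host -> other host
    return {
        "exception_below_drop": evaluate([DROP_BETWEEN_SUBNETS, EXCEPTION], first),
        "exception_above_drop": evaluate([EXCEPTION, DROP_BETWEEN_SUBNETS], first),
        "reply_without_state_rule": evaluate([EXCEPTION, DROP_BETWEEN_SUBNETS], reply),
        "reply_with_state_rule": evaluate([ESTABLISHED, EXCEPTION, DROP_BETWEEN_SUBNETS], reply),
        "other_host_still_blocked": evaluate([ESTABLISHED, EXCEPTION, DROP_BETWEEN_SUBNETS], other),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```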