Joined: Wed Feb 06, 2008 6:48 pm
Firewall Zone separation ?

Mon Feb 11, 2008 1:07 pm

Hi There,

I was wondering if the built-in firewall was able - through a simple configuration setup - to handle zone separation, or to bind certain rules to specific interfaces?

By this I mean - for example, I define on an RB153:
eth0 -> world
eth1 -> dmz
eth2 -> lan
eth3 -> lan
eth4 -> lan
wifi0 -> wifi

then define a policy of:
world -> Firewall: DROP
firewall -> world: DROP
lan -> firewall: REJECT
lan -> world: ALLOW (Should be Reject for security, but I'm lazy ;) ) ...
lan -> wifi: ALLOW
dmz -> firewall: DROP
dmz -> lan: DROP
dmz -> world: ALLOW
dmz -> wifi: REJECT

Etc. for wifi and so on.
The reason I'm asking is that this way it would be fairly simple to, for example, create a stop zone - e.g. if something does not work correctly or the firewall setup does not work, we have a stop zone which blocks all traffic except the open connections (e.g. we don't want to cut off the admin while he's in), and eventually allows some fixed IP addresses to reach the firewall itself.
Also - moving zones around would be very easy then ... if, for example, you have several customers and one customer is not a paying one, you connect him into a non-paying zone where all he can do is go to his bank and perform a money transfer ;)

Any hints on how to make this easy-going? Or will I have to fiddle this all around with simple rule add-ons? As that will be quite complex IMHO...

Thx for any hint...
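Added example (not from the post, and not MikroTik code): a small Python generator that expands the zone table and policy matrix above into RouterOS `/ip firewall filter` commands, one rule per interface pair, with a keep-open rule for established connections first and a default-drop "stop zone" last. The interface names are the post's; `chain`, `in-interface`, `out-interface`, `connection-state`, `src-address` and `action` are standard RouterOS filter parameters; the admin address is a constructed sample.

```python
# Zone -> interfaces, using the interface names from the post.
ZONES = {
    "world": ["eth0"],
    "dmz": ["eth1"],
    "lan": ["eth2", "eth3", "eth4"],
    "wifi": ["wifi0"],
}
# (from_zone, to_zone, action) as listed in the post; "firewall" is the router itself.
POLICY = [
    ("world", "firewall", "drop"), ("firewall", "world", "drop"),
    ("lan", "firewall", "reject"), ("lan", "world", "accept"), ("lan", "wifi", "accept"),
    ("dmz", "firewall", "drop"), ("dmz", "lan", "drop"),
    ("dmz", "world", "accept"), ("dmz", "wifi", "reject"),
]
CMD = "/ip firewall filter add"

def rules_for(zones, src, dst, action):
    """Expand one zone-to-zone line into one rule per interface pair."""
    tag = f"comment={src}-to-{dst}"
    if src == "firewall":  # router-originated traffic -> output chain
        return [f"{CMD} chain=output out-interface={o} action={action} {tag}"
                for o in zones[dst]]
    if dst == "firewall":  # traffic to the router itself -> input chain
        return [f"{CMD} chain=input in-interface={i} action={action} {tag}"
                for i in zones[src]]
    return [f"{CMD} chain=forward in-interface={i} out-interface={o} action={action} {tag}"
            for i in zones[src] for o in zones[dst]]

def generate(zones, policy, admin_sources=(), default="drop"):
    """Keep open sessions, allow fixed admin hosts, apply the matrix, then default-deny."""
    rules = []
    # Open sessions keep working when the policy is swapped, so the admin is not cut off.
    for chain in ("input", "forward", "output"):
        rules.append(f"{CMD} chain={chain} connection-state=established,related "
                     f"action=accept comment=keep-open")
    # Fixed addresses that may always reach the router (constructed sample values).
    for addr in admin_sources:
        rules.append(f"{CMD} chain=input src-address={addr} action=accept comment=admin-host")
    for src, dst, action in policy:
        rules.extend(rules_for(zones, src, dst, action))
    # Everything the matrix does not mention ends in the "stop zone".
    for chain in ("input", "forward", "output"):
        rules.append(f"{CMD} chain={chain} action={default} comment=default-{default}")
    return rules

if __name__ == "__main__":
    print("\n".join(generate(ZONES, POLICY, admin_sources=["192.0.2.10"])))
```

Paste the printed lines into a RouterOS terminal in that order; rule order matters, so the keep-open and admin rules must stay above the per-zone rules and the default-drop rules must stay last.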

