Hi Mikrotik FOrum
I have an issue that I would like your best bid on the little problem

I Have an DMZ zone that are only on 1 port - and the port is connected to A single NIC - that i have on my VMware server - the subnet is a /27
In this Setup here - is there any how possible to create a rule that will block the traffic from 192.168.0.0/29 - towards 192.168.0.8/29 ?

Or is it just easier to create an new DMZ - an split it directly into seperate DMZ - But I have not a spare NIC i my VMware server
Since the setup is created as only 1 NIC --> Could I create the VLAN1 og VLAN2 - and create the same VLAN on the NIC in VMware - and split it that way instead

Only reason - I have 2 Webservers - and a mailserver setup including a spamfilter that I would like not to communicate to each other.
I think the main issue here is that everything is going through the one NIC in both Mikrotik And VMware

Tia
/p

My opinion, not an expert.......... Depends upon vlan awareness of whats on the other side of the NIC?

For example a switch port can accept multiple vlans because the switch can read the traffic....
If whatever can read the traffic coming in on the nic, then it can see different vlans and decide what to do with them,
Otherwise, the devices servers behind the nic are on the same subnet and nothing can be done with firewall rules to block traffic at least at layer 3.

...
Since the setup is created as only 1 NIC --> Could I create the VLAN1 og VLAN2 - and create the same VLAN on the NIC in VMware - and split it that way instead
...

Yes, segregating the connections using Vlans is good to go