I'm trying to accomplish the following:
A MikroTik router holds a WireGuard tunnel, and it's up and running. I'm trying to create a firewall rule that does the following:
- All connections from the local networks to the remote network on the other side of the tunnel should be possible.
- It should not be possible to create any connections from the remote network to any local network.
The remote network is 192.168.10.0/24.
Will the following rule do the trick, or is it absolutely incorrect?
add action=drop chain=forward comment="Drop connections from remote network" \
connection-state=!established dst-address-list="Intranet Networks" \
in-interface=MyWireGuardInterface
add action=accept chain=forward comment="Sample allow connections from remote network" \
dst-address=192.168.20.11 in-interface=MyWireGuardInterface src-address=192.168.10.2
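For comparison, here is the conventional stateful way to express the same policy on RouterOS. This is an added example, not the poster's configuration: it reuses the interface name MyWireGuardInterface, the address list "Intranet Networks" and the two hosts from the post, but the local range 192.168.20.0/24 in the address list and the TCP/22 narrowing on the exception rule are assumptions made for illustration.

```routeros
/ip firewall address-list
# Assumed local range; replace with the actual LAN prefixes behind the router.
add list="Intranet Networks" address=192.168.20.0/24 comment="Local LAN (assumed)"

/ip firewall filter
# 1. Replies to connections the LAN initiated come back through the tunnel as
#    established/related traffic and are accepted here, so the "LAN -> remote"
#    requirement needs no further rule. Matching "related" as well as
#    "established" keeps ICMP errors and helper-tracked sessions working.
add chain=forward connection-state=established,related action=accept \
    comment="Allow established/related (covers replies from the remote network)"

# 2. Connection-tracking garbage is never useful in the forward chain.
add chain=forward connection-state=invalid action=drop comment="Drop invalid"

# 3. Explicit exception, placed BEFORE the blanket drop so it is evaluated first.
#    Narrowed to one protocol/port (assumed TCP/22) rather than "any service".
add chain=forward connection-state=new in-interface=MyWireGuardInterface \
    src-address=192.168.10.2 dst-address=192.168.20.11 protocol=tcp dst-port=22 \
    action=accept comment="Allow one remote host to reach one local host on SSH"

# 4. Everything else the remote side tries to initiate towards the local
#    networks is dropped and logged, so probing from the far end is visible.
add chain=forward connection-state=new in-interface=MyWireGuardInterface \
    dst-address-list="Intranet Networks" action=drop \
    log=yes log-prefix="wg-remote-drop" \
    comment="Drop new connections from the remote network"
```

Two points to check against the rules in the post: `connection-state=!established` also drops `related` packets, which is why the pattern above accepts `established,related` first and then drops only `new`; and RouterOS evaluates filter rules top to bottom with an implicit accept at the end of `forward`, so the per-host accept must sit above the drop, and the drop must actually be present for the policy to hold.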