Hi, i have a wrong setup because I do not have a segmentation on the vlans; i tried to add rules to blocks all traffic from others vlans and leave only the possibility to exit on the wan; but these rules never applied, and this default rule "let out anything from firewall host itself" is activated instead.
here a simple draw of the network:
https://ibb.co/3hngxpY
here the log on the activation rule:
vlan_SERVICE Oct 22 17:22:38 10.10.0.253 10.40.0.253 icmp let out anything from firewall host itself
the ping commnad i execute on a host on other vlan and I expected it to fail.
what settings should i see to restore vlan traffic isolation?
This discussion should give you the idea: https://forum.opnsense.org/index.php?topic=25228.0
Otherwise post your rules here for troubleshooting
I resolved it with the rules you have cited, now I use these rules:
VLAN1
- allow all traffic incoming from vlan control [vlan10]
- block all traffic from others vlans [ ! vlan1]
- allow all traffic incoming [to wan and beyond]
it works how i think it shuld be; thx