Hi everyone!
I'm trying to set a rule to block traffic from a specific VLAN to a Wireguard subnet, but it doesn't work.
Action: Block
Interface: VLAN5
TCP version: IPv4+6
Protocol: any
Source: VLAN5 net
Destination: WG5 net OR Wireguard (Group) net
Setting the destination to a specific WG5 host or the LAN subnet works. Is it because the LAN address is set in Interfaces? I had also created the WG5 interface (without any address configuration).
How can I set it to block the entire subnet? With an alias?
Thanks in advance!
Which direction did you set? And why only TCP, not any protocol?
Direction: in
Protocol: any as I wrote in my previous post ;)
TCP/IP Version: IPv4+6 (it is mandatory to set this in the Edit Firewall rule section)
You wrote "TCP version", hence my confusion.
WG5 net is the subnet you configured in the wg local config. The endpoints / allowed IPs don't have to be in that subnet. Are they in your case? Otherwise, you'll have to use an alias, yes.
Cheers
Maurice