Interface | IP address | MAC address | Hostname |
MYLAN | 192.168.1.12 | 00:00:00:00:00:d2 | access point |
MYLAN | 192.168.1.20 | 00:00:00:00:00:7b | amazon |
NEIGHBORLAN | 192.168.100.11 | 00:00:00:00:00:c0 | access point |
NEIGHBORLAN | 192.168.100.16 | 00:00:00:00:00:d4 | DESKTOP-PC |
NEIGHBORLAN | 192.168.100.18 | 00:00:00:00:00:46 | iPhone-X |
Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
IPv4 * | MYLAN net | * | * | * | * | * | Default allow LAN to any rule |
IPv6 * | MYLAN net | * | * | * | * | * | Default allow LAN IPv6 to any rule |
Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
IPv4+6 * | * | * | MYLAN net | * | * | * | Block all traffic to MYLAN |
IPv4 * | * | * | * | * | * | * | Default allow LAN to any rule |
IPv6 * | * | * | * | * | * | * | Default allow LAN IPv6 to any rule |
MYLAN NEIGHBORLAN
rule in effect
CPU1 <----blocked----< CPUX
CPU1 [nothing] CPUX
rule _not_ in effect (bleed over)
CPU1 >----allowed----> CPUX
CPU1 <----allowed----< CPUX
You should read the rule like this:
(MYLAN) Interface
IPv4 * MYLAN net * * * * * Default allow LAN to any
Every IPv4 packet which arrives (incoming) at “MYLAN Interface” is checked if
-IP is within the MYLAN range,
-Port *
-Destination *
if everything matches the paket is allowed.
Ok?
Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
IPv4+6 * | * | * | MYLAN net | * | * | * | Block all traffic to MYLAN |