Messages

First time opnsneser long time lurker

Just finished justifying the purchase of a 4 port N100. To get started I have everything able to access everything with dhcp on all interfaces in the gateway setup below.

Interfaces : Gateway
1)WIFI : 192.168.50.1 (I plug my wifi AP here)
2)LAB : <<physical port - no gateway
- LABVlan60 192.168.60.1 << uses LAB physical port
3)Media: 192.168.40.1
4)WAN : Internet


My rules are open on everything right now. All Interfaces except WAN have these rules:
IPv4-6
Source. *
Port *
Dest *
Port *
Gateway *

What I would like to do is allow one host , 192.168.60.10 to be able to access only other machines within its vlan60 and the internet. I couldn't figure that out so I am trying to just do this rule:

Here is the firewall rule I tried to add in Labvlan60:

Action: Block
Interface : labvlan60
Direction: OUT
TCP/IP : ipv4
Protocol: Any
Source : Single Host: 192.168.60.10/24.
Destination : Media net

Rule order:
1. The rule stated above
2. * any any rule

In my head this rule works like this .. block any traffic from host 60.10 OUT of interface Labvlan60 from accessing any Media net network host.

But right now 60.10 can ping 40.10 (media net host) but its not supposed to , not sure what I did wrong