19.7 Legacy Series / Re: VLANs and Firewalling
« on: September 26, 2019, 01:58:03 am »
Traffic blocking between VLANs will work.
Generally, but maybe I'm more old-school, I always feel it's better to explicitly set your 'Source' as you did with the DNS Server rule. This eliminates any question of how your * wildcard might be interpreted.
Re: The VLAN blocking from your last rule, I'm really not sure how that Destination you have defined would work out. The most direct way to do this is what an earlier poster noted: Create an alias for all RFC1918 networks, then create an explicit Deny rule: Use your last rule as a guide and use 'VLAN90 net' as the Source, and change the Destination to the RFC1918 alias.
That should block traffic from VLAN90 to other VLANs.
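The rule set the post describes, modeled as an added example (not part of the original post and not OPNsense code). It assumes first-match evaluation on the VLAN90 interface with a default deny, and the VLAN90 subnet and DNS server address are constructed values.

```python
import ipaddress

# RFC 1918 private ranges: the contents of the alias the post recommends.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed addressing (assumptions, not taken from the thread).
VLAN90_NET = [ipaddress.ip_network("192.168.90.0/24")]
DNS_SERVER = [ipaddress.ip_network("192.168.10.53/32")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Rules on the VLAN90 interface: (action, source, destination, proto, dst port).
# None means "any". Every rule names 'VLAN90 net' explicitly as its source.
RULES = [
    ("pass",  VLAN90_NET, DNS_SERVER, "udp", 53),    # DNS server rule
    ("block", VLAN90_NET, RFC1918,    None,  None),  # explicit deny to RFC1918 alias
    ("pass",  VLAN90_NET, ANY,        None,  None),  # everything else (internet)
]


def _in(addr, nets):
    """True if addr falls inside any network in nets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def evaluate(src, dst, proto, port, rules=RULES):
    """Return the action of the first matching rule; no match means block."""
    for action, s, d, p, dport in rules:
        if (_in(src, s) and _in(dst, d)
                and p in (None, proto) and dport in (None, port)):
            return action
    return "block"


if __name__ == "__main__":
    # Constructed test flows: (src, dst, proto, port)
    for flow in [("192.168.90.20", "192.168.10.53", "udp", 53),
                 ("192.168.90.20", "192.168.20.5", "tcp", 445),
                 ("192.168.90.20", "1.1.1.1", "tcp", 443),
                 ("192.168.90.20", "192.168.90.1", "tcp", 443),
                 ("192.168.20.5", "1.1.1.1", "tcp", 443)]:
        print(flow, "->", evaluate(*flow))
```

In this model the RFC1918 alias also covers the VLAN90 subnet itself, so any service VLAN90 clients need on an address in that range has to be passed above the deny, as the DNS rule is.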