Vlan host rule passing all traffic

Started by rusty dreamcast, April 26, 2021, 01:53:31 AM

Started delving into VLANs today.

I have some mains switches that just need to talk to my MQTT broker on Home Assistant; no internet access required.

I put them on a separate VLAN and added a pass rule to a single host with the IP address of my Home Assistant on my main LAN.

Problem is, when this rule is in place I can ping every IP in the main LAN from the VLAN, not just Home Assistant. How do I lock this down?

Thanks rusty


This is the only rule I've made on the VLAN interface. This is very new to me.

Are there any firewall rules on the (untagged) parent interface? These can also affect VLAN traffic.

Cheers

Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

April 26, 2021, 06:56:03 PM #4 Last Edit: April 26, 2021, 07:01:17 PM by tsystem
Hello,

An idea, not sure ...
After your rule that gives access to this IP, maybe you need to add another rule to block all other traffic/access to the LAN?

Quote from: Maurice on April 26, 2021, 03:38:29 PM
Are there any firewall rules on the (untagged) parent interface? These can also affect VLAN traffic.

I have heard this before, and I cannot reproduce this; parent interface rules don't seem to apply to its VLANs, thankfully.

Quote from: rusty dreamcast on April 26, 2021, 02:34:52 PM
This is the only rule I've made on the VLAN interface. This is very new to me.

192.168.1.193/24 will route to all addresses between 192.168.1.0 and 192.168.1.255.

Set the "24" to "32":

192.168.1.193/32 - this will route only to the address shown.
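Added example (not from this thread or from OPNsense itself): a small first-match rule evaluator built on Python's ipaddress module, using constructed addresses for the switch VLAN and the main LAN, that shows why a destination of 192.168.1.193/24 lets the VLAN reach every LAN host while 192.168.1.193/32 matches only the Home Assistant host.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values for the setup in the thread (not a real network):
# the VLAN holding the smart switches and the main LAN with the Home Assistant host.
VLAN_NET = ip_network("192.168.50.0/24")
HOME_ASSISTANT = ip_address("192.168.1.193")
LAN_HOSTS = [ip_address(f"192.168.1.{i}") for i in (1, 10, 50, 193, 200)]


def first_match(rules, src, dst):
    """First-match evaluation of a pf-style rule list.

    rules: list of (action, source_prefix, destination_prefix) tuples.
    Returns the action of the first matching rule; anything unmatched
    falls through to the implicit default deny.
    """
    for action, src_net, dst_net in rules:
        # strict=False mirrors how the firewall treats a host address with a
        # short mask: 192.168.1.193/24 is really the whole 192.168.1.0/24 network.
        if src in ip_network(src_net, strict=False) and dst in ip_network(dst_net, strict=False):
            return action
    return "block"


def reachable_lan_hosts(dst_prefix):
    """LAN hosts one VLAN switch can reach under a single 'pass VLAN net -> dst_prefix' rule."""
    rules = [("pass", str(VLAN_NET), dst_prefix)]
    switch = next(VLAN_NET.hosts())  # 192.168.50.1, a constructed switch address
    return [str(h) for h in LAN_HOSTS if first_match(rules, switch, h) == "pass"]


if __name__ == "__main__":
    for prefix in ("192.168.1.193/24", "192.168.1.193/32"):
        print(prefix, "->", reachable_lan_hosts(prefix))
```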

Thanks, I'll try that at the weekend. Can't mess with the network mid-week as people working from home need it to be stable.