VLAN rule

Started by fox983, September 28, 2023, 04:32:23 PM

Hi everyone!
I'm trying to set a rule to block traffic from a specific VLAN to a WireGuard subnet, but it doesn't work.

Action: Block
Interface: VLAN5
TCP version: IPv4+6
Protocol: any
Source: VLAN5 net
Destination: WG5 net OR Wireguard (Group) net

Setting the destination to a specific WG5 host or the LAN subnet works. Is it because the LAN address is set in Interfaces? I had also created a WG5 interface (without any address configuration).
How can I set it to block the entire subnet? With an alias?
Thanks in advance!

Which direction did you set? And why only TCP, not any protocol?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Direction: in
Protocol: any as I wrote in my previous post  ;)
TCP/IP Version: IPv4+6 (is mandatory to set in Edit Firewall rule section)

You wrote "TCP version", hence my confusion.

WG5 net is the subnet you configured in the wg local config. The endpoints / allowed IPs don't have to be in that subnet. Are they in your case? Otherwise, you'll have to use an alias, yes.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).