Author Topic: VLAN rule (Read 701 times)

fox983 · « **on:** September 28, 2023, 04:32:23 pm »

Hi everyone!
I'm trying to set a rule to block traffic from specific VLAN to a Wireguard subnet but doesn't work.

Action: Block
Interface: VLAN5
TCP version: IPv4+6
Protocol: any
Source: VLAN5 net
Destination: WG5 net OR Wireguard (Group) net

Setting destination to specific WG5 host or LAN subnet works. It's because of LAN address is set in Interfaces? I had also created WG5 interface (without any address configuration).
How can I set to block entire subnet? With alias?
Thanks in advance!

Patrick M. Hausen · « **Reply #1 on:** September 28, 2023, 04:39:13 pm »

Which direction did you set? And why only TCP, not any protocol?

fox983 · « **Reply #2 on:** September 28, 2023, 05:00:51 pm »

Direction: in
Protocol: any as I wrote in my previous post

TCP/IP Version: IPv4+6 (is mandatory to set in Edit Firewall rule section)

Patrick M. Hausen · « **Reply #3 on:** September 28, 2023, 05:05:28 pm »

You wrote "TCP version", hence my confusion.

Maurice · « **Reply #4 on:** September 28, 2023, 10:35:36 pm »

WG5 net is the subnet you configured in the wg local config. The endpoints / allowed IPs don't have to be in that subnet. Are they in your case? Otherwise, you'll have to use an alias, yes.

Cheers
Maurice

Author Topic: VLAN rule (Read 701 times)

fox983

VLAN rule

Patrick M. Hausen

Re: VLAN rule

fox983

Re: VLAN rule

Patrick M. Hausen

Re: VLAN rule

Maurice

Re: VLAN rule