Traffic on the same subnet doesn't go through the firewall so, yup, you're doing something wrong.
Regarding that traffic on the same subnet doesn't go through the firewall: in that case, is it impossible on a network level to prevent every device on a VLAN from seeing other devices on the same VLAN?
Ok, interesting, didn't know that. However, the problem was that my computers had a network profile that was preventing others from seeing me.
Exactly. Unless you use a managed switch with filtering features. There are various mechanisms on various protocol levels. Like deciding who gets a connection at all (802.1x), automatic assignment of VLAN based on MAC address (VMPS), MAC address filtering, static ARP/ND, IP based filtering, ... It all depends on your specific requirements.

If your main tool is a layer 3 firewall, the tried and true approach is to put all devices that share the same policy in the same network, e.g. a VLAN. Use as many networks as necessary. Separate devices of different trust levels.

HTH,
Patrick
Think about it. Do you need a router to connect devices to each other?? Nope, a switch will do that. A router connects a subnet to other subnets. So if you don't need to :leave: the subnet you're on, no router needed.
Port 53 is DNS. You didn't lose internet, you lost name resolution. Blocking all of RFC1918 will do that; just put a rule above the block to allow each VLAN to "This Firewall" on port 53. This also depends on your exact rules, as you may be blocking other services that are required. You should post an image of your exact rules.
Home30 Address would make more sense as the destination for DNS, but personal choice I guess. No need to make a Port53 alias; DNS is listed in the port dropdown. Since you made the alias, you may want to expand it for other ports. I have an Internet_Ports alias that I use for my Guest network and others; it contains http, https, dns, and ntp. If you sync time on Home30, you'll need port 123 also.
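The two posts above come down to first-match rule ordering: the allow to "This Firewall" on DNS/NTP has to sit above the RFC1918 block, and an Internet_Ports alias covers the rest. This is an added example, not code from the thread or from pfSense; it simulates that top-to-bottom evaluation with an assumed Home30 subnet of 192.168.30.0/24 and an assumed firewall address of 192.168.30.1.

```python
import ipaddress

# Constructed example: first-match evaluation of a pfSense-style rule list on
# the Home30 interface. The subnet and firewall address are assumptions.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOME30_NET = [ipaddress.ip_network("192.168.30.0/24")]     # assumed VLAN subnet
THIS_FIREWALL = [ipaddress.ip_network("192.168.30.1/32")]  # assumed Home30 address
INTERNET_PORTS = {80, 443, 53, 123}   # http, https, dns, ntp (the alias from the post)
ANY = None                            # wildcard for networks or ports

def _hit(alias, value):
    """True if the address falls inside one of the alias networks (ANY matches all)."""
    return alias is ANY or any(value in net for net in alias)

def evaluate(rules, src, dst, dport):
    """Walk the rules top to bottom; the first match wins. No match means default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_alias, dst_alias, ports in rules:
        if _hit(src_alias, src) and _hit(dst_alias, dst) and (ports is ANY or dport in ports):
            return action
    return "block"

# Order recommended in the thread: allow DNS/NTP to the firewall itself above
# the RFC1918 block, then allow the remaining Internet_Ports to anywhere.
GOOD_ORDER = [
    ("pass",  HOME30_NET, THIS_FIREWALL, {53, 123}),
    ("block", HOME30_NET, RFC1918,       ANY),
    ("pass",  HOME30_NET, ANY,           INTERNET_PORTS),
]

# The ordering that "loses internet": the RFC1918 block sits above the DNS allow,
# so queries to the firewall's resolver (an RFC1918 address) match the block first.
BROKEN_ORDER = [GOOD_ORDER[1], GOOD_ORDER[0], GOOD_ORDER[2]]

def show(rules):
    """Print the verdict for a DNS query, an inter-VLAN SMB attempt and an HTTPS fetch."""
    for src, dst, port in [("192.168.30.10", "192.168.30.1", 53),
                           ("192.168.30.10", "192.168.10.20", 445),
                           ("192.168.30.10", "203.0.113.5", 443)]:
        print(f"{src} -> {dst}:{port}: {evaluate(rules, src, dst, port)}")

if __name__ == "__main__":
    print("good order");   show(GOOD_ORDER)
    print("broken order"); show(BROKEN_ORDER)
```

Adding a later rule does not rescue a packet that an earlier block already matched, which is why the DNS allow must come first.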
Just so you know, the internet is working from your last rule; 53 just resolves addresses. IOW, if you knew the IP address of every website you wanted to visit, you wouldn't need the DNS rule and you'd still have internet. Just letting you know for informative reasons.