Re: VLAN configuration, firewall rules, basics

Thanks dpurgert,

Thats exactly what I thought, but when I do that, no traffic is able to go through at all.

Here is the config:

    name GUEST_VLAN_IN {default-action reject
        description "PACKETS COMING THRU TO THE VLAN"
        rule 10 {action accept
            description "ALLOW ESTABLISHED/RELATED"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 40 {action accept
            description "ALLOW HTTP"
            destination {port 80
            }
            log disable
            protocol tcp_udp
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
        rule 50 {
            action accept
            description "ALLOW HTTPS"
            destination {
                port 443
            }
            log disable
            protocol tcp_udp
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 60 {
            action accept
            description "ALLOW UNIFI PORTAL"
            destination {
                group {
                    address-group unifi-portal-access
                }
            }
            log disable
            protocol tcp
        }
    }
    name GUEST_VLAN_LOCAL {
        default-action drop
        description "DEVICE TO ROUTER ACCESS"
        rule 1 {
            action accept
            description "ALLOW DHCP"
            destination {
                port 67
            }
            log disable
            protocol tcp_udp
        }
        rule 2 {
            action accept
            description "ALLOW DNS"
            destination {
                port 53
            }
            log disable
            protocol udp
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.199.1/24
        description Local
        duplex auto
        poe {
            output 48v
        }
        speed auto
        vif 30 {
            address 10.10.30.1/24
            description "Guest VLAN"
            firewall {
                in {
                    name GUEST_VLAN_IN
                }
                local {
                    name GUEST_VLAN_LOCAL
                }
            }
            mtu 1500
        }
    }
    ethernet eth2 {
        description "Local 2"
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        description "Local 2"
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        description "Local 2"
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.200.1/24
        description "Local 2"
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}

That stil doesn't work

Re: VLAN configuration, firewall rules, basics

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

Ominde Commission Report and Recommendations – Ominde Report of 1964

Bureau of Internal Revenue: Regional Offices (Directory)

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

Mp3 Download: Mdu - Kunjenjenjena

How the kill the job , when DTP request running for long hours.

Microsoft Intune から展開しているアプリのアップデートについて

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

Car crash in Dunton Bassett leaves driver in critical condition

Macky 2, Two Others In Road Accident

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

Detroit mafia: D’Anna Brothers agree to plea deal

Delivery block field greyed out using VA02

Muloraki Au

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出ｗ【リベンジポルノ】＠PornHub

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

FIAT 500 B0111 B0112