Channel: All EdgeRouter posts

Firewall not blocking traffic when asked...


Hi all,

Eth0 = internet

Eth1 = LAN 1

Eth2 = completely separate LAN that needs to be completely separate from LAN 1. Both LANs need to access eth0, which they can.

My problem is that I can't seem to block traffic from eth2 to eth1.

I've created a default rule to accept all traffic in from eth2, but with a drop rule for invalid traffic and for traffic that connects to the subnet used for LAN 1, but traffic still gets through.

I'm configuring through the GUI, but here's an extract from the configuration file:

name eth2_in {
    default-action accept
    description ""
    rule 1 {
        action drop
        log disable
        protocol all
        state {
            established disable
            invalid enable
            new disable
            related disable
        }
    }
    rule 2 {
        action drop
        destination {
            address 172.16.1.0/24
        }
        log disable
        protocol all
        state {
            established enable
            invalid disable
            new enable
            related enable
        }
    }
}

I'm doing this all through the GUI, so my suspicion is that there's something somewhere that I've overlooked, but I've no idea what or where.

According to the logging from the interface, it appears as though traffic to an IP in 172.16.1.0/24 doesn't match the rule I've created, and just goes under the default accept all.
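One check worth making before digging further through the GUI, as an added example that is not part of the original post and not Ubiquiti/EdgeOS code: on EdgeOS a named ruleset has no effect until it is attached to an interface and a direction (for the case above, `set interfaces ethernet eth2 firewall in name eth2_in`), and a ruleset that exists under `firewall name` but is applied nowhere looks exactly like "the rule never matches" in the logs. The Python below parses an EdgeOS-style config extract (constructed here: the eth2_in ruleset as posted, plus an assumed `interfaces` stanza the post does not show), reports rulesets that are defined but applied to no interface, and does a simplified first-match evaluation which shows that rule 2 as written does drop a new flow to 172.16.1.0/24. The matching model considers only protocol, destination address and connection state, so it is an illustration of the logic, not a substitute for the per-rule counters from `show firewall name eth2_in statistics` on the router itself.

```python
import ipaddress
import shlex

# Constructed EdgeOS-style extract (an assumption made for this example): the
# eth2_in ruleset exactly as posted, plus an interfaces stanza in which eth2
# carries no firewall binding. The original post does not show that part.
UNBOUND_CONFIG = """
firewall {
    name eth2_in {
        default-action accept
        description ""
        rule 1 {
            action drop
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
        rule 2 {
            action drop
            destination {
                address 172.16.1.0/24
            }
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
    }
}
interfaces {
    ethernet eth2 {
        address 192.168.2.1/24
    }
}
"""
# Same extract after: set interfaces ethernet eth2 firewall in name eth2_in
BOUND_CONFIG = UNBOUND_CONFIG.replace(
    "address 192.168.2.1/24",
    "address 192.168.2.1/24\n        firewall {\n            in {\n"
    "                name eth2_in\n            }\n        }",
)

def parse_edgeos(text):
    """Parse the brace-delimited EdgeOS config format into nested dicts."""
    root = {}
    stack = [root]
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if line == "}":
            stack.pop()
            continue
        tokens = shlex.split(line)
        if tokens[-1] == "{":                       # start of a block
            child, tokens = {}, tokens[:-1]
            if len(tokens) == 1:                    # e.g. "state {"
                stack[-1][tokens[0]] = child
            else:                                   # e.g. "rule 2 {"
                stack[-1].setdefault(tokens[0], {})[tokens[1]] = child
            stack.append(child)
        else:                                       # leaf, e.g. "action drop"
            stack[-1][tokens[0]] = tokens[1] if len(tokens) > 1 else ""
    return root

def ruleset_bindings(cfg):
    """Map each ruleset name to the (interface, direction) pairs that use it."""
    bound = {}
    for iface, body in cfg.get("interfaces", {}).get("ethernet", {}).items():
        for direction, fw in body.get("firewall", {}).items():
            bound.setdefault(fw["name"], []).append((iface, direction))
    return bound

def unbound_rulesets(cfg):
    """Rulesets defined under 'firewall name' but applied to no interface."""
    defined = set(cfg.get("firewall", {}).get("name", {}))
    return sorted(defined - set(ruleset_bindings(cfg)))

def evaluate(ruleset, dst_ip, state, proto="tcp"):
    """Simplified first-match evaluation of one ruleset for a packet: only
    protocol, destination address and connection state are considered."""
    for num, rule in sorted(ruleset.get("rule", {}).items(), key=lambda kv: int(kv[0])):
        st = rule.get("state")                      # no state block = any state
        if st and st.get(state, "disable") != "enable":
            continue
        if rule.get("protocol", "all") not in ("all", proto):
            continue
        net = rule.get("destination", {}).get("address")
        if net and ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(net):
            continue
        return rule["action"], int(num)
    return ruleset.get("default-action", "accept"), None
```

Running `unbound_rulesets(parse_edgeos(UNBOUND_CONFIG))` reports `['eth2_in']`, while the bound variant reports nothing and `ruleset_bindings` shows `eth2_in` on `eth2` in the `in` direction; `evaluate` on the posted ruleset returns `('drop', 2)` for a new flow to 172.16.1.10 and `('accept', None)` for a new flow to an address outside that subnet, so the rule text itself does what the post expects and the binding is the thing to verify.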

