Guys... one small additional question regarding VLAN_LOCAL.
As I mentioned, I need to create a rule to block access from the VLAN to the router - that's fine, and now I know how to do it and it's working fine.
The question is how to correctly combine this rule with the DNS and DHCP rules which I need to add to VLAN_LOCAL as well for each VLAN. I'm thinking about whether the order of this rule is important here...
e.g. the ruleset for VLAN30_LOCAL will look like:
- default accept
- rule 1, drop, destination 10.10.30.1 (which is router)
- rule 2, accept, protocol UDP, port 53 (DNS)
- rule 3, accept, protocol UDP, port 67 (DHCP)
Am I right with that _LOCAL ruleset and that order?
Thanks!