Allow service on local network only

anon44801567 · December 22, 2020, 4:22pm

So finally I succeeded by removing the bridge interface (which was useless here) and I directly configured my eth0 and then I have configured my zones as follow:

config zone 'vpn'
        option name 'vpn'
        list subnet '10.0.0.0/24'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone 'lan'
        option name 'lan'
        list subnet '192.168.1.0/24'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone 'wan'
        option name 'wan'
        list subnet '!192.168.1.0/24'
        list subnet '!10.0.0.0/24'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'

vgaetera · December 23, 2020, 12:06am

This works as a union of disjoint complements, that is a universal set.
I.e. the result is the same as using 0.0.0.0/0 and that looks wrong.

anon44801567 · December 24, 2020, 7:56am

And is there a way to say "everything but these networks" or should I just put '0.0.0.0/0' and the traffic concerning the two other zones will be catched before this one?

system · April 15, 2021, 11:11am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.