VMRouterWRT is in router mode. Say I wanna use it to block LixVM from connecting to the Internet and also to any device on my main LAN. Except for Urubu4, I want it to connect there because it has a Subversion server I need to connect to. Other VMnet VMs should connect normally.
What's the best practice to set up a firewall rule to block it from connecting to anything outside VMnet, except Urubu4 on port 443?
And what if I want it to connect to the Internet, but drop packets destined to 192.168.0.0/16 or fdfa::/8?
Simply create an ALLOW rule for the source IP (211.101), dest IP and port, and follow it with a DENY rule for all traffic from that source IP. You can omit that second rule if VMrouterWRT's default policy is not to forward from that subnet at all.
Hm. Try naming the zone that 211.101 is in under option src, instead of *. ISTR if you leave both src and dest zones wildcarded, it doesn't know which chain to apply the filter rule to.
Oh, and you'll need similar rules for the IPv6 address. (I sometimes cheat and use the MAC instead, which covers both protocols.)
lol I was blocking TCP+UDP and testing with ping! now it works
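# Exception first: rules are matched in order, so this ACCEPT must precede the DROP below.
config rule
	option dest_port '443'
	list proto 'tcp'
	option name 'Allow LixuxVM to Urubu4'
	list src_ip '192.168.211.101'
	option dest 'wan'
	list dest_ip '192.168.49.4'
	option target 'ACCEPT'
	option src 'lan'

# Everything else from the VM is dropped; matching on MAC covers IPv4 and IPv6, and proto 'all' includes ICMP.
config rule
	option name 'Deny LixuxVM'
	option target 'DROP'
	option src 'lan'
	option dest 'wan'
	list src_mac '00:0C:29:0E:4C:28'
	list proto 'all'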
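
For the second case asked about at the top (Internet allowed, the listed private ranges dropped), a sketch in the same /etc/config/firewall syntax. This is an added example, not a config posted in the thread. It assumes the same zone names and MAC as the rules above, that lan-to-wan forwarding is otherwise allowed, and it copies the two prefixes exactly as written in the question.

```uci
# Added example (not from the thread). Assumptions: 'lan' is the VMnet zone,
# 'wan' faces the main LAN and the Internet, and lan -> wan forwarding is allowed.
# There is no catch-all DROP here, so Internet-bound traffic still falls
# through to the zone forwarding policy.

# IPv4: drop anything from the VM that is destined to the private range.
config rule
	option name 'LixVM drop IPv4 private'
	option family 'ipv4'
	option src 'lan'
	option dest 'wan'
	list src_mac '00:0C:29:0E:4C:28'
	list dest_ip '192.168.0.0/16'
	list proto 'all'
	option target 'DROP'

# IPv6: same match on the IPv6 prefix, as a separate rule per address family.
config rule
	option name 'LixVM drop IPv6 private'
	option family 'ipv6'
	option src 'lan'
	option dest 'wan'
	list src_mac '00:0C:29:0E:4C:28'
	list dest_ip 'fdfa::/8'
	list proto 'all'
	option target 'DROP'
```

To keep the Subversion exception in this setup, the 'Allow LixuxVM to Urubu4' rule has to stay above the IPv4 DROP, since 192.168.49.4 falls inside 192.168.0.0/16. Testing with both ping and a TCP connection checks that proto 'all' is really in effect.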