Right now, all my ethernet ports connect to the network net1. I want one of these ethernet ports to connect to net2 only, and give no access whatsoever to net1.
What is the difference between having my net2 configured with option device 'br-net1' instead of option type 'bridge'?
In terms of separating net1 and net2, I have indeed configured my firewall for network separation. However, I am wondering if there is an increased security risk in having the 2 networks share a switch (before, the 2 networks were only on wifi)? Maybe that increases the attack surface?
You know these are not RFC1918 addresses, right?
Yeah, I was just tinkering around, to try and see what happens with non-standard addresses.
option type 'bridge' was part of the old syntax and it doesn't work with the new versions (the bridge will not be created).
If you mean the device switch, this is not a problem. Wired ports belonging to different VLANs are completely isolated from each other.
However, if you want to connect the two networks to a common external switch, there are many risks and potential problems.
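The following is an added example, not configuration posted by anyone in this thread. It shows the current (21.02 and later) bridge syntax the reply above refers to, next to the legacy stanza, and the firewall zones that keep net1 and net2 apart on one DSA switch. It assumes a router whose switch ports are named lan1..lan4 and wan, that net1 is currently the bridge holding all four ports, and that lan4 is the port to be moved to net2 only; the interface names, addresses and port names are assumptions and will differ on your device.

```uci
# /etc/config/network (OpenWrt 21.02 or later, DSA switch, ports lan1..lan4 and wan)
# Assumed layout: net1 currently holds every port; lan4 is moved to net2.

# Legacy (pre-21.02) form, kept here only to show what the reply refers to:
# on current releases the bridge is not created from this stanza.
#config interface 'net2'
#	option type 'bridge'
#	option ifname 'lan4'
#	option proto 'static'
#	option ipaddr '10.0.2.1'
#	option netmask '255.255.255.0'

# Current form: the bridge is its own 'device' section, and the interface
# section only points at it with 'option device'.
config device
	option name 'br-net1'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	# lan4 deliberately left out of net1

config device
	option name 'br-net2'
	option type 'bridge'
	list ports 'lan4'

config interface 'net1'
	option device 'br-net1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'net2'
	option device 'br-net2'
	option proto 'static'
	option ipaddr '10.0.2.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp (net2 needs its own DHCP pool)
config dhcp 'net2'
	option interface 'net2'
	option start '100'
	option limit '150'
	option leasetime '12h'

# /etc/config/firewall (relevant sections only)
config zone
	option name 'net1'
	list network 'net1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Router services are reachable from net2 only through explicit rules.
config zone
	option name 'net2'
	list network 'net2'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Internet for both zones, but no 'forwarding' section between net1 and net2:
# with forward=REJECT in both zones, traffic between them is refused.
config forwarding
	option src 'net1'
	option dest 'wan'

config forwarding
	option src 'net2'
	option dest 'wan'

# net2 hosts still need DHCP (67) and DNS (53) from the router itself.
config rule
	option name 'Allow-net2-DHCP-DNS'
	option src 'net2'
	option dest_port '53 67'
	option target 'ACCEPT'
```

After `/etc/init.d/network restart`, `ip link show master br-net2` should list only lan4, and `ip link show master br-net1` the other three ports; on 22.03 and later, `fw4 print` shows the generated nftables rules, where the absence of any net1<->net2 forwarding chain is the thing to check. The same port isolation can be expressed with a single bridge plus `config bridge-vlan` sections instead of two bridges; what matters for separation is that lan4 is a member of exactly one bridge or VLAN, and that the firewall has no forwarding between the two zones.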