I have 2 separate interfaces and firewall zones for my wired (192.168.1.1) and wireless (10.20.30.40) LAN clients. I used to think putting a forward rule to REJECT/DROP on these zones would block traffic between them, but in 2022 (before OpenWRT switched to nftables) someone suggested that I should add a rule like this:
iptables -I FORWARD -s 10.20.30.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j DROP
Now that we are on nftables, should I make a similar rule? If so, can someone type it for me please?
You said you have a forward reject/drop rule you created (per another thread). So I merely assumed, and inquired, that you allowed traffic, since you proceeded to block it with a custom rule.
My apologies if I misunderstood.
Cool, I understand.
Those default rules are good. You don't allow forwarding between zones by default.
You can test by trying to ping a device in the other subnet. It should silently fail (DROP) or show a "denied" message or similar (REJECT).
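For anyone who does want the nftables form of the iptables rule quoted in the question, here is an added helper script (not posted by anyone in this thread and not part of OpenWrt's fw4). It converts the dotted netmasks from the old rule into the CIDR prefixes nftables requires and prints the equivalent `nft` command. It assumes fw4's table and chain names (`inet fw4`, chain `forward`); check yours with `nft list chain inet fw4 forward` before inserting anything.

```sh
#!/bin/sh
# Added example, not from the thread: translate
#   iptables -I FORWARD -s 10.20.30.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j DROP
# into fw4/nftables syntax. Table "inet fw4" and chain "forward" are assumed
# (OpenWrt's fw4 defaults); adjust if your ruleset differs.

# mask_to_prefix DOTTED_MASK -> prefix length, e.g. 255.255.255.0 -> 24
# Fails (return 1) on non-contiguous masks such as 255.0.255.0.
mask_to_prefix() {
    bits=0
    partial=0
    oldifs=$IFS
    IFS=.
    for octet in $1; do
        # once a non-255 octet has been seen, only zero octets may follow
        if [ "$partial" = 1 ] && [ "$octet" != 0 ]; then
            IFS=$oldifs
            return 1
        fi
        case $octet in
            255) bits=$((bits + 8)) ;;
            254) bits=$((bits + 7)); partial=1 ;;
            252) bits=$((bits + 6)); partial=1 ;;
            248) bits=$((bits + 5)); partial=1 ;;
            240) bits=$((bits + 4)); partial=1 ;;
            224) bits=$((bits + 3)); partial=1 ;;
            192) bits=$((bits + 2)); partial=1 ;;
            128) bits=$((bits + 1)); partial=1 ;;
            0)   partial=1 ;;
            *)   IFS=$oldifs; return 1 ;;
        esac
    done
    IFS=$oldifs
    echo "$bits"
}

# build_nft_rule SRC SRCMASK DST DSTMASK VERDICT -> prints the nft command
# VERDICT is "drop" (silent) or "reject" (sends an ICMP/TCP error back).
build_nft_rule() {
    sp=$(mask_to_prefix "$2") || return 1
    dp=$(mask_to_prefix "$4") || return 1
    echo "nft insert rule inet fw4 forward ip saddr $1/$sp ip daddr $3/$dp $5"
}

# Print the translated rule for the subnets named in the question.
build_nft_rule 10.20.30.0 255.255.255.0 192.168.1.0 255.255.255.0 drop
```

Running the script prints the command rather than executing it, so it can be reviewed first. Note that fw4 regenerates the whole `inet fw4` table on `/etc/init.d/firewall reload`, so a rule inserted by hand with `nft` does not survive a reload; a zone-to-zone traffic rule in `/etc/config/firewall` (or a file under `/etc/nftables.d/`) is the persistent way to express the same thing. As the replies above point out, with the default zone forward policy set to REJECT/DROP and no forwarding configured between the two zones, no such extra rule is needed; this only matters if a forwarding has been allowed and you want to carve out an exception.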