The order of firewall zones

In LuCI, I am able to put the firewall zones in any order I like, but does that order have any significance? For example, if I put the WAN zone above the LAN zone, does it prioritise the WAN traffic rules before the LAN traffic rules? I am creating a guest zone and am wondering if, because that excludes guests from interacting with LAN, I should put guest rules first, as my guest network is linked to a particular wireless interface on the same IP range as LAN and my other wireless interface.

Not really, unless you try something weird like assigning one interface to multiple zones.

Yes, but actually no, since fw4 splits each zone processing to a separate sub-chain prefixed by a unique interface name, so no matter the arrangement, it won't follow to sub-chains of other zones.

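A simplified model of the per-zone dispatch described in the two replies above, added here as an example and not taken from the thread or from fw4's own code. The zone names, devices and port rules are constructed, and the model assumes each zone sub-chain ends in that zone's default verdict.

```python
from itertools import permutations

# Constructed zones for illustration: devices, (dest_port, verdict) rules, input policy.
ZONES = {
    "lan":   {"devices": {"br-lan"}, "rules": [], "policy": "accept"},
    "wan":   {"devices": {"eth1"}, "rules": [(22, "drop")], "policy": "reject"},
    "guest": {"devices": {"phy1-ap0"}, "rules": [(53, "accept"), (67, "accept")],
              "policy": "reject"},
}
# The "weird" case from the first reply: br-lan assigned to both lan and guest.
OVERLAP = {**ZONES, "guest": {**ZONES["guest"], "devices": {"phy1-ap0", "br-lan"}}}

PACKETS = [("br-lan", 80), ("br-lan", 53), ("eth1", 22), ("eth1", 443),
           ("phy1-ap0", 53), ("phy1-ap0", 80)]  # (ingress device, dest port)

def build_dispatch(zones, order):
    """Base chain: one 'match device, jump to zone sub-chain' entry per device,
    emitted in the order the zones are listed."""
    return [(dev, name) for name in order for dev in sorted(zones[name]["devices"])]

def verdict(zones, dispatch, iface, dport, default="drop"):
    """Walk the base chain; the first zone sub-chain entered decides the packet."""
    for dev, name in dispatch:
        if dev != iface:
            continue  # sub-chains of other zones are never entered
        for port, action in zones[name]["rules"]:
            if port == dport:
                return action
        return zones[name]["policy"]  # assumed terminal verdict of the zone chain
    return default

def order_sensitive_packets(zones, packets):
    """Return the packets whose verdict differs between zone orderings."""
    changed = []
    for iface, dport in packets:
        seen = {verdict(zones, build_dispatch(zones, order), iface, dport)
                for order in permutations(zones)}
        if len(seen) > 1:
            changed.append((iface, dport))
    return changed

if __name__ == "__main__":
    print("one device per zone:", order_sensitive_packets(ZONES, PACKETS))
    print("br-lan in two zones:", order_sensitive_packets(OVERLAP, PACKETS))
```

With one device per zone no packet's verdict depends on the ordering; once `br-lan` sits in two zones, whichever zone is listed first decides its traffic.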

Thanks for the reply.
It makes a lot of sense actually. I think I see what you mean by "yes but actually no".
It will process them in that order, but it will not have any bearing on zones further down the list
because they are separate chains.

In short, it should not matter, unless you create hundreds or thousands of zones.
