can fiaif do this?
Wed Jan 1 16:49:28 CET 2003
Douglas J Hunley wrote:
> is it currently possible to configure fiaif such that 2 different internal
> zones cannot talk to each other but can still get out to the external zone?
> e.g. 192.168.2.x is one zone, 192.168.1.x is another zone. I don't want the
> two to talk to each other, but each one should be able to get to the
> internet. I do *not* want to specify individual IPs or MACs to accomplish
> this. (one of the zones is for wireless and uses dhcp)
Yes, by adding forward rules in both zones.
E.g. if no communication must exist between ZONE1 and ZONE2, then add:
FORWARD="ZONE2 DROP ALL ALL 0.0.0.0/0=>0.0.0.0/0"
FORWARD="ZONE1 DROP ALL ALL 0.0.0.0/0=>0.0.0.0/0"