can fiaif do this?

Anders Fugmann
Wed Jan 1 16:49:28 CET 2003


Douglas J Hunley wrote:
> is it currently possible to configure fiaif such that 2 different internal
> zones cannot talk to each other but can still get out to the external zone?
> e.g. 192.168.2.x is one zone, 192.168.1.x is another zone. I don't want the
> two to talk to each other, but each one should be able to get to the
> internet. I do *not* want to specify individual IPs or MACs to accomplish
> this. (one of the zones is for wireless and uses dhcp)
Yes, by adding forward rules in both zones.
E.g. if no communication must exist between ZONE1 and ZONE2, then add:
zone1.conf:
	FORWARD[1]="ZONE2 DROP ALL ALL 0.0.0.0/0=>0.0.0.0/0"
zone2.conf:
	FORWARD[1]="ZONE1 DROP ALL ALL 0.0.0.0/0=>0.0.0.0/0"

Regards
Anders Fugmann
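
The reply above depends on the DROP rule being present in both zone files; a rule in only one file leaves the other direction open. The following check is an added example, not part of the original post and not fiaif's own code. It assumes the rule layout is exactly as quoted in the reply; the function names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify that two fiaif zone files drop forwarding to each other.
# Assumption: rules look like the ones in the reply,
#   FORWARD[n]="<ZONE> DROP ALL ALL 0.0.0.0/0=>0.0.0.0/0"
# The files are read with grep, never sourced, so nothing in them is executed.

# drops_all_to CONF ZONE
# Succeeds if CONF holds an uncommented FORWARD[n] entry that drops every
# protocol, port and address towards ZONE.
drops_all_to() {
    local conf=$1 zone=$2 sp='[[:space:]]+'
    grep -Eq "^[[:space:]]*FORWARD\[[0-9]+\]=\"${zone}${sp}DROP${sp}ALL${sp}ALL${sp}0\.0\.0\.0/0=>0\.0\.0\.0/0\"" "$conf"
}

# zones_isolated CONF_A ZONE_A CONF_B ZONE_B
# Succeeds only when the block exists in both directions; reports each gap.
zones_isolated() {
    local rc=0
    drops_all_to "$1" "$4" || { echo "$1: no DROP ALL rule towards $4" >&2; rc=1; }
    drops_all_to "$3" "$2" || { echo "$3: no DROP ALL rule towards $2" >&2; rc=1; }
    return "$rc"
}

# write_sample_confs DIR MODE
# Constructed sample input. MODE=both writes the pair from the reply;
# MODE=one_sided comments out the rule in zone2.conf.
write_sample_confs() {
    local dir=$1 mode=$2 prefix=''
    [ "$mode" = one_sided ] && prefix='#'
    printf '\tFORWARD[1]="ZONE2 DROP ALL ALL 0.0.0.0/0=>0.0.0.0/0"\n' > "$dir/zone1.conf"
    printf '\t%sFORWARD[1]="ZONE1 DROP ALL ALL 0.0.0.0/0=>0.0.0.0/0"\n' "$prefix" > "$dir/zone2.conf"
}

# Stand-alone use: check.sh zone1.conf ZONE1 zone2.conf ZONE2
if [ "$#" -eq 4 ]; then
    zones_isolated "$@"
fi
```

The check only confirms that the two rules are present in the files; it does not inspect other FORWARD entries or the ruleset that is actually loaded.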