@redfive wrote:
If instead your main network is the 192.168.1.0/24, and you want manage ZS from this network, and you also want allow web access from ETH01 while denying access to the network 192.168.1.0/24
input chain (default policy DROP)
forward chain (default policy DROP)
1 ETH00 ETH01 ACCEPT all opt -- in ETH00 out ETH01 0.0.0.0/0 -> 192.168.2.0/24 state NEW,RELATED,ESTABLISHED
2 ETH01 ETH00 DROP all opt -- in ETH01 out ETH00 0.0.0.0/0 -> 192.168.1.0/24
2 ETH01 ETH00 ACCEPT all opt -- in ETH01 out ETH00 192.168.2.0/24 -> 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
many thx for your answer and your good explanation.
this is exactly what i want – as described in your post:
web access from ETH01 and
deny the network 192.168.1.0/24 on ETH00
i have the rule defined in the chain FORWARD – policy DROP:
but never works. the effect is that i have web access from ETH01 AND reach the network 192.168.1.0/24 also… 😯
grrr 😀 ❗