Hello all.
I have to admit that it's been a bit difficult for me to see the whole picture of how FirewallD works, so I need a little bit of help figuring out some things.
For example: I'm configuring a WAN/LAN gateway and I'm working with VLANs as well. For this, I'm using the External zone for WAN and the Internal zone for LAN/VLAN. So far we're good, but I can't find a way to make exceptions without using the --direct option.
In short, I have:
VLAN99=192.168.99.0/24
VLAN100=192.168.100.0/24
VLAN200=192.168.200.0/24
I want to make VLAN100 and VLAN200 have access to VLAN99 and vice versa, but VLAN100 does not have access to VLAN200 and vice versa.
I tried this rich rule and got errors:
firewall-cmd --zone=internal --add-rich-rule='rule family="ipv4" source address="192.168.100.0/24" destination address="192.168.200.0/24" reject'
Error: INVALID_RULE: destination action
I appreciate any suggestions you can give me to sort this out.
firewalld-users@lists.fedorahosted.org