Does anybody know how to do this more easily? Let's say I have 10 different isolated DMZs. (They are created as VLANs on the "inside" interface so I can connect servers to them.)
Now I want each VLAN to be able to get an IP address from a DHCP pool, and to hit the Internet. Nothing else. No DMZ<->DMZ or DMZ->LAN traffic. The default LAN rules allow me to hit each DMZ from the LAN, so that part is good. The problem is getting each DMZ isolated from each other.

The only thing I have working is to create 10 rules on each DMZ (to block access to the other DMZs and the LAN), and an accept "any" rule to be able to get out. I really don't like this as it's error prone. If I add a new DMZ, I have to remember to add that rule to all the others.

Is there an easy set of rules I can make to allow the DMZ access to only its own net, and the Internet?

Regards,
-Jeppe
