prevent isolated vlan from accessing anything, particularly the exposed vlan

author: HimbeerserverDE <himbeerserverde@gmail.com> 2023-03-30 16:19:35 +0200
committer: HimbeerserverDE <himbeerserverde@gmail.com> 2023-03-30 16:19:35 +0200
commit: 42de46064e0a86c346b4e19a45ded684fb610053 (patch)
tree: ad17e741c5e3508e4f29d38f23d0a45edff810f9
parent: 86f3df4e324262bf7a5a575e60e9f9db3170b620 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
index cf4b4f4..4b4974b 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -39,6 +39,9 @@ fn filter() -> Result<()> {
 
     batch.add(&forward, MsgType::Add);
 
+    let deny_isolated_to_any = Rule::new(&forward)?.iface("eth0.30")?.drop();
+    batch.add(&deny_isolated_to_any, MsgType::Add);
+
     let allow_established = Rule::new(&forward)?.established()?.accept();
     batch.add(&allow_established, MsgType::Add);
author	HimbeerserverDE <himbeerserverde@gmail.com>	2023-03-30 16:19:35 +0200
committer	HimbeerserverDE <himbeerserverde@gmail.com>	2023-03-30 16:19:35 +0200
commit	42de46064e0a86c346b4e19a45ded684fb610053 (patch)
tree	ad17e741c5e3508e4f29d38f23d0a45edff810f9
parent	86f3df4e324262bf7a5a575e60e9f9db3170b620 (diff)