make sure no communication into the isolated vlan is possible either

author: HimbeerserverDE <himbeerserverde@gmail.com> 2023-03-30 17:44:28 +0200
committer: HimbeerserverDE <himbeerserverde@gmail.com> 2023-03-30 17:44:28 +0200
commit: 46949a44790f7090ee81b8cc97708af71c837457 (patch)
tree: 8667dc113054c06713a82b08b11ec3cc5329998a
parent: 42de46064e0a86c346b4e19a45ded684fb610053 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
index 4b4974b..e55509f 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -42,6 +42,9 @@ fn filter() -> Result<()> {
     let deny_isolated_to_any = Rule::new(&forward)?.iface("eth0.30")?.drop();
     batch.add(&deny_isolated_to_any, MsgType::Add);
 
+    let deny_any_to_isolated = Rule::new(&forward)?.oface("eth0.30")?.drop();
+    batch.add(&deny_any_to_isolated, MsgType::Add);
+
     let allow_established = Rule::new(&forward)?.established()?.accept();
     batch.add(&allow_established, MsgType::Add);
author	HimbeerserverDE <himbeerserverde@gmail.com>	2023-03-30 17:44:28 +0200
committer	HimbeerserverDE <himbeerserverde@gmail.com>	2023-03-30 17:44:28 +0200
commit	46949a44790f7090ee81b8cc97708af71c837457 (patch)
tree	8667dc113054c06713a82b08b11ec3cc5329998a
parent	42de46064e0a86c346b4e19a45ded684fb610053 (diff)