I am trying to block traffic to the firewall itself.
I had set the following rules.
IPv4 Firewall “Gast-Network-In”:
Active on (eth1.5,IN)
rule action proto packets bytes
1 drop all 0 0
condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 match-set DMZ-Network dst
For example, I can't ping a device in DMZ-Network (10.x.2.100), but I can ping VyOS at 10.x.2.1.
The interfaces are configured as VLANs: eth1.5 is GuestNetwork and eth1.2 is DMZ.
I can see this "ESTABLISHED" entry in the logs if I ping 10.x.2.1, but I can't find any log entry that establishes this connection.
[FW-STATE_POL-ESTABLISHED-A]IN= OUT=eth1.5 SRC=10.x.2.1 DST=10.x.5.106 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=35797 PROTO=ICMP TYPE=0 CODE=0 ID=18713 SEQ=1
Thanks in advance for your answers.
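Added example, not part of the post above: a ruleset attached with the "local" keyword (packets addressed to the router itself) beside the existing "in" attachment (forwarded packets only), written in VyOS 1.3 syntax. The ruleset name Gast-Network-Local, the ROUTER-SELF group and the 10.x.5.1 / 10.x.2.1 addresses are assumptions modelled on the post; the "x" octets are placeholders to be filled in.

```vyos
# Assumption: VyOS 1.3 CLI. eth1 vif 5 is the guest VLAN as in the post.
# Addresses the router itself owns on the guest and DMZ VLANs (placeholders).
set firewall group address-group ROUTER-SELF address 10.x.5.1
set firewall group address-group ROUTER-SELF address 10.x.2.1

# Ruleset for traffic destined to the router (INPUT chain), default drop with logging
# so that a dropped echo request from a guest shows up in the log.
set firewall name Gast-Network-Local default-action drop
set firewall name Gast-Network-Local enable-default-log

# Return traffic of sessions the router opened itself
set firewall name Gast-Network-Local rule 5 action accept
set firewall name Gast-Network-Local rule 5 state established enable
set firewall name Gast-Network-Local rule 5 state related enable

# Services guests legitimately need from the router: DHCP (broadcast) and DNS
set firewall name Gast-Network-Local rule 10 action accept
set firewall name Gast-Network-Local rule 10 protocol udp
set firewall name Gast-Network-Local rule 10 destination port 67
set firewall name Gast-Network-Local rule 20 action accept
set firewall name Gast-Network-Local rule 20 protocol udp
set firewall name Gast-Network-Local rule 20 destination port 53
set firewall name Gast-Network-Local rule 20 destination address 10.x.5.1

# Everything else to any router-owned address (ICMP, SSH, the DMZ-side address) falls
# through to the default drop, and is logged.
set firewall name Gast-Network-Local rule 900 action drop
set firewall name Gast-Network-Local rule 900 destination group address-group ROUTER-SELF

# "local" is the hook that sees packets for the router; "in" only sees forwarded packets.
set interfaces ethernet eth1 vif 5 firewall local name Gast-Network-Local
commit
save
```

The existing Gast-Network-In ruleset on the "in" hook stays as it is, since forwarded traffic to DMZ hosts is already handled there.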