On 2/27/06, joe2141 <jrodriguezjr at gmail dot com> wrote:
> Hi All,
> I have an interesting problem that I am trying to solve (well, interesting to me). I have a FW for
> which I have set up an OPT2 interface on 192.168.4.X. Now my DMZ is 192.168.3.X and my LAN is
> Now what I want to do is very similar to what I am doing with my LAN network and that is not to
> allow any traffic into the DMZ from the OPT2 network. For instance, right now I do not let any
> traffic that is on either the DMZ or OPT2 hit my LAN. By the same token, I do not want to allow any
> traffic that is on the OPT2 to hit my DMZ and LAN. I have been able to take care of this for the
> LAN but when I set up a rule not to allow traffic from OPT2 to go to the DMZ it does not work. Is
> there any particular reason why this is? I do not understand why it is not taking.
Rule order would be my first guess; they're processed top-down, first
match, and you probably have a permit rule above the deny rule.
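
The first-match behaviour described in the reply, as an added example that is not part of the original thread: a small Python model of top-down rule evaluation plus a check for deny rules that can never fire because an earlier rule already covers them. The rule lists, the /24 masks, the sample addresses and the default-deny fallback are assumptions constructed for illustration, not the poster's configuration.

```python
import ipaddress
from dataclasses import dataclass

def _net(spec):
    # "any" is shorthand for every IPv4 address
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in _net(self.src)
                and ipaddress.ip_address(dst_ip) in _net(self.dst))

def evaluate(rules, src_ip, dst_ip, default="deny"):
    """Top-down, first match wins. Returns (action, index of deciding rule)."""
    for i, rule in enumerate(rules):
        if rule.matches(src_ip, dst_ip):
            return rule.action, i
    return default, None  # assumed default-deny when nothing matches

def shadowed(rules):
    """(later, earlier) index pairs where an earlier rule fully covers a
    later rule that has a different action, so the later one never fires."""
    conflicts = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            covers = (_net(later.src).subnet_of(_net(earlier.src))
                      and _net(later.dst).subnet_of(_net(earlier.dst)))
            if covers:
                if earlier.action != later.action:
                    conflicts.append((j, i))
                break  # the first covering rule decides; stop looking
    return conflicts

# Constructed rule sets for the OPT2 interface (OPT2 = 192.168.4.0/24,
# DMZ = 192.168.3.0/24, masks assumed from the "X" in the post).
OPT2_PERMIT_FIRST = [
    Rule("permit", "192.168.4.0/24", "any"),
    Rule("deny", "192.168.4.0/24", "192.168.3.0/24"),
]
OPT2_DENY_FIRST = list(reversed(OPT2_PERMIT_FIRST))

if __name__ == "__main__":
    for name, rules in (("permit first", OPT2_PERMIT_FIRST),
                        ("deny first", OPT2_DENY_FIRST)):
        print(name, evaluate(rules, "192.168.4.10", "192.168.3.20"),
              "shadowed:", shadowed(rules))
```
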