Everything I read says that in firewall filter rules, use the actual vlan interface for interface matching instead of the vrrp-interface.
However, for in-interface, it only matches if I use the vrrp interface.
I have a bridge with a few vlans. Each of those vlans contains 1 vrrp interface (vrrp is inside the vlan). Bridge -> vlan -> vrrp
vlan address = 192.168.1.2/24
vrrp address = 192.168.1.1/32
My laptop is on one of those vlan networks.
In the filter rules:
in-interface=vlan100 never matches.
in-interface=vrrp-vlan100 matches correctly.
Is this the expected behavior? I'm not targeting the vrrp address. I'm browsing general Internet.
So, it works, but it doesn't match what I'm reading (although I can't find too much).
Why is it matching the vrrp interface instead of the actual vlan interface?
However, for in-interface, it only matches if I use the vrrp interface.
I have a bridge with a few vlans. Each of those vlans contains 1 vrrp interface (vrrp is inside the vlan). Bridge -> vlan -> vrrp
vlan address = 192.168.1.2/24
vrrp address = 192.168.1.1/32
My laptop is on one of those vlan networks.
In the filter rules:
in-interface=vlan100 never matches.
in-interface=vrrp-vlan100 matches correctly.
Is this the expected behavior? I'm not targeting the vrrp address. I'm browsing general Internet.
So, it works, but it doesn't match what I'm reading (although I can't find too much).
Why is it matching the vrrp interface instead of the actual vlan interface?
Statistics: Posted by jayooo — Thu Jan 18, 2024 5:23 am