app-network: 0022841: Change firewall to isolate all LANs/VLANs from each other
Migrated from: https://tracker.clearos.com/view.php?id=22841
Reported by: NHowitt
Currently all interfaces designated as LAN can talk to any other LAN or HotLAN subnet. In some ways this is a strange behaviour as VLANs are often used to segregate traffic and provide privacy on each LAN.
We can:
1 - Change the default firewall so that LAN interfaces can no longer talk to each other. This should include HotLANs, as again, the default behaviour is to allow any LAN to talk to a HotLAN but not vice-versa.
2 - Add a webconfig screen to allow interfaces to talk to each other. It only needs to be one-way as the default RELATED,ESTABLISHED rule would allow traffic back. This would avoid having to create Custom Firewall rules.
3 - Optionally allow the rule to be bidirectional so if LAN-A can talk to LAN-B, then LAN-B can talk to LAN-A. This is the same as selecting two allows from 2) above.
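The rule ordering the request implies, as an added example that is not ClearOS code or part of the original report: replies are accepted by the RELATED,ESTABLISHED rule, one-way allows come next, and every other LAN-to-LAN pair is dropped. The interface names and the `src>dst` pair format are assumptions, and the function only prints iptables commands so they can be reviewed before use.

```shell
#!/bin/sh
# Constructed example: interface names and the "src>dst" allow format are
# assumptions, not ClearOS configuration. Commands are printed, not executed.

# isolation_rules "<LAN/HotLAN interfaces>" "<allowed src>dst pairs>"
isolation_rules() {
    lans=$1
    allows=$2

    # Validate every allow before emitting anything, so a typo cannot
    # leave a half-written rule set.
    for pair in $allows; do
        src=${pair%%>*}
        dst=${pair##*>}
        case " $lans " in *" $src "*) ;; *) echo "unknown interface: $src" >&2; return 1 ;; esac
        case " $lans " in *" $dst "*) ;; *) echo "unknown interface: $dst" >&2; return 1 ;; esac
        [ "$src" != "$dst" ] || { echo "same interface: $pair" >&2; return 1; }
    done

    # Return traffic for any permitted connection; this is why each allow
    # only needs to be one-way.
    echo "iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"

    # One-way allows: only new connections from src to dst.
    for pair in $allows; do
        echo "iptables -A FORWARD -i ${pair%%>*} -o ${pair##*>} -m conntrack --ctstate NEW -j ACCEPT"
    done

    # Default isolation: drop every remaining LAN-to-LAN pair, HotLANs included.
    for a in $lans; do
        for b in $lans; do
            [ "$a" = "$b" ] && continue
            echo "iptables -A FORWARD -i $a -o $b -j DROP"
        done
    done
}

# Constructed sample: three interfaces, only eth1 may open connections to eth2.
isolation_rules "eth1 eth2 eth3" "eth1>eth2"
```

A bidirectional allow is two pairs, for example `"eth1>eth2 eth2>eth1"`.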