Quote Originally Posted by KBOYLE View Post
ttrcf wrote:

> My difficulty is how to apply separate rules to the traffic from the
> private network that is destined for the router machine via the
> adapter in the internal firewall zone

That is what I understood.

Can you not configure both interfaces as external and then permit
specific traffic to/from each interface?

Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.

Thanks again but I am not sure what you mean by this. If I have both NICs in the same zone will they not pickup exactly the same rules? Could you perhaps give an example of a firewalld rule that would act on traffic between two interfaces in the same zone.

I was playing yesterday with outbound rules on the external interface and managed to block all outgoing traffic except DNS and SSH. This worked for traffic from the external zone but did not affect the masqueraded traffic from the internal zone, even though it was passing through the external interface. Is this expected behaviour?