I am apparently no good with these firewall filters. I’m having problems with a very simple task.
All I want to do is have a filter that will only allow the Guest VLAN to use DNS, http, and https (udp/tcp ports 53,80,443).
I created a filter that I thought would do that, but every time it is applied to the guest vlan, it hoses.
This is the filter:
    family ethernet-switching {
        filter Guest54_Web {
            term Guest54_To_Web {
                from {
                    protocol [ tcp udp ];
                    destination-port [ 53 80 443 ];
                }
                then accept;
            }
        }
    }
First I go to a system on the Guest VLAN and verify internet works.
Then apply it to the guest vlan with:
set vlans Guest54 filter output Guest54_Web
Then:
commit confirmed 5.
After the commit, I’ve killed the traffic on the guest vlan.
Can someone tell me what I’m doing wrong?
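
How the posted term classifies packets under Junos filter evaluation rules (conditions in one `from` are ANDed, values within one condition are ORed, and every filter ends with an implicit discard), modeled in Python as an added example that is not part of the original post. The packets are constructed samples, and `Packet`, `evaluate` and `report` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

# The single term of Guest54_Web, as posted. Conditions inside `from` are
# ANDed; values inside one condition are ORed.
TERMS = [
    {"name": "Guest54_To_Web",
     "protocol": {"tcp", "udp"},
     "destination-port": {53, 80, 443},
     "then": "accept"},
]

@dataclass
class Packet:
    label: str
    protocol: str                  # "tcp", "udp", "arp", ...
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

def evaluate(pkt, terms=TERMS):
    """Return (action, term name) using first-match evaluation."""
    for term in terms:
        if (pkt.protocol in term["protocol"]
                and pkt.dst_port in term["destination-port"]):
            return term["then"], term["name"]
    # No term matched: Junos filters end with an implicit discard.
    return "discard", "implicit"

# Constructed sample packets (not captured traffic).
SAMPLES = [
    Packet("DNS query to resolver", "udp", 51000, 53),
    Packet("DNS reply to guest", "udp", 53, 51000),
    Packet("HTTPS request to server", "tcp", 51001, 443),
    Packet("HTTPS reply to guest", "tcp", 443, 51001),
    Packet("DHCP offer to guest", "udp", 67, 68),
    Packet("ARP reply", "arp"),
]

def report(samples=SAMPLES):
    """Map each sample's label to the action the filter takes on it."""
    return {p.label: evaluate(p)[0] for p in samples}

if __name__ == "__main__":
    for label, action in report().items():
        print(f"{action:8} {label}")
```

Only packets whose destination port is 53, 80 or 443 match the term; replies addressed to a guest's ephemeral port, DHCP and ARP all fall through to the implicit discard.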