I have a question about how firewalls work with IPIP tunnels.
I have an IPIP tunnel and I route all LAN subnet traffic down this tunnel as the default gateway with policy routing, but the WAN (non-IPIP tunnel traffic) interface still gets some traffic for other things. How do I have 2 separate firewalls for each interface? When I use IN-Interface as "wan", will it stop/block the IPIP tunnel traffic?
I'd like to have 2 different chains for each interface, but the way I understand it, I can't use in-interface="wan" policy drop and in-interface=IPIP tunnel policy accept, because the in-interface for the IPIP tunnel is also the in-interface for wan.
I'm open to suggestions.