True DMZ segment via physical port (68u w/Merlin)

[CollinChaffin]

Before I get too deep into this, I've read many posts detailing the vlan via ebtables and firewall cmds etc.

My question is: via SSH shell scripts surely there is a way on the 68u with latest Merlin FW to create a true DMZ segment with another ip interface to for instance a 10.1.1.0 segment specifically off of LAN port 4 that is fully reachable via internal, but can only initiate ip connections to WAN? Or even just multi-net the LAN port to allow multiple internal segment routing?

If so, can someone point me to (or help me put together) a decent and simple shell script? TIA!

 

[Vexira]

Before I get too deep into this, I've read many posts detailing the vlan via ebtables and firewall cmds etc.

My question is: via SSH shell scripts surely there is a way on the 68u with latest Merlin FW to create a true DMZ segment with another ip interface to for instance a 10.1.1.0 segment specifically off of LAN port 4 that is fully reachable via internal, but can only initiate ip connections to WAN? Or even just multi-net the LAN port to allow multiple internal segment routing?

If so, can someone point me to (or help me put together) a decent and simple shell script? TIA!

Can't you just run a static route?