Ennek működnie kell.
;;; disable to communicate primary network
chain=forward action=drop src-address=192.168.XXX.0/24 dst-address=192.168.YYY.0/24 log=no log-prefix=""
;;; disable to communicate secondary network
chain=forward action=drop src-address=192.168.YYY.0/24 dst-address=192.168.XXX.0/24 log=no log-prefix=""