I currently have two sites A and B that can 'talk' to each other via a hub router. The issue is that I want to stop them from 'seeing' each other, as they should be allowed to see the Internet (always) and each other under special circumstances. I know I can do this easily enough with an access-list on the hub router.
The issue is that we will be continually adding sites C, D, E, etc. and I may not know about every site that goes in or the LANs that are behind them. And still I need to stop any site-to-site traffic.
So I am wondering if there is a way to block the traffic from these sites getting to other sites as a default, so that I can add in exceptions when necessary?
All the sites come through the same interface on the hub router. So could there be a rule saying anything coming in interface FE 0/0 is not allowed back out of it?