Hi,
I have a LAN and I want to block traffic between devices connected to the LAN.
Is this possible to do? What firewall rule(s) should I use?
Thanks in advance
short answer: no. long answer: no, because they talk directly, opnsense not involved (special case: wifi). get an additional interface and place devices to be separated in different subnets attached to different interfaces.
Thanks for the answer.
If the interface is the WIFI, then is this possible to block local traffic? How?
Cheers
wireless isolation at your access point. :-)
What should I do for wireless isolation? Firewall rules or something else? Any hint?
Cheers
wireless isolation is a feature in the settings of your wifi AP
Hm, I checked both settings for WiFi on Opnsense (Services>WIFI and Interfaces>WIFI) but I can't find a "Wireless isolation" selection. Has this another name apart from "Wireless isolation"? Has this to do with "Allow intra-BSS communication" being unchecked?
Cheers
Quote from: chemlud on January 27, 2022, 01:14:12 PM
short answer: no. long answer: no, because they talk directly, opnsense not involved (special case: wifi). get an additional interface and place devices to be separated in different subnets attached to different interfaces.
You would need a layer 2 firewall to achieve this. All traffic can be inspected. I am not sure if OPNsense is capable of Layer 2 firewall.
Can you set up two LANs? Either using VLANs or just two subnets on the same VLAN (a bit uglier and not perfect, but does the job for you).
That way the two VLANs would have to route between each other and so could use the Layer 3 OPNsense FW.
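
Added example, not part of any post in this thread: a small Python check that classifies each host pair by whether its traffic crosses the router (where Layer 3 firewall rules can apply) or stays host-to-host on the segment, including the "two subnets on the same VLAN" case. The host names, addresses, segment ids and the `path`/`report` helpers are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (not from the thread): name -> (address/prefix, L2 segment id).
HOSTS = {
    "nas":     ("192.168.1.10/24", 1),
    "laptop":  ("192.168.1.20/24", 1),
    "camera":  ("192.168.20.5/24", 20),  # separate VLAN and subnet
    "printer": ("192.168.30.7/24", 1),   # second subnet on the same VLAN as the LAN
}

def path(src, dst, hosts=HOSTS):
    """Classify how src reaches dst, from the sender's on-link decision.

    direct        - same subnet, same segment: host-to-host frames, router never sees them
    routed        - different subnet and segment: must cross the router, L3 rules apply
    routed-soft   - different subnet, same segment: crosses the router only while
                    both hosts keep their assigned addressing (shared broadcast domain)
    misconfigured - same subnet but different segments: ARP cannot resolve the peer
    """
    s_net = ipaddress.ip_interface(hosts[src][0]).network
    d_ip = ipaddress.ip_interface(hosts[dst][0]).ip
    same_segment = hosts[src][1] == hosts[dst][1]
    if d_ip in s_net:
        return "direct" if same_segment else "misconfigured"
    return "routed-soft" if same_segment else "routed"

def report(hosts=HOSTS):
    """Return {(a, b): classification} for every unordered host pair."""
    return {(a, b): path(a, b, hosts) for a, b in combinations(hosts, 2)}

if __name__ == "__main__":
    for (a, b), kind in report().items():
        print(f"{a:8} <-> {b:8} {kind}")
```

Pairs reported as `direct` cannot be filtered by router rules; pairs reported as `routed-soft` are separated by addressing only, so a VLAN or dedicated interface is the stronger boundary.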