OPNsense Forum

English Forums => General Discussion => Topic started by: xpking on February 24, 2024, 01:51:12 pm

Title: Firewall rule that allows devices to access the internet only
Post by: xpking on February 24, 2024, 01:51:12 pm
Dear all,

I have an interface "LAN".
May I know how to set a firewall rule that allows all devices in the LAN to access the internet only, but not to communicate with each other within the LAN intranet, including ICMP ping?

Thank you.
Title: Re: Firewall rule that allows devices to access the internet only
Post by: tiermutter on February 24, 2024, 02:20:38 pm
Since inter-LAN traffic will never reach the Sense, there is no chance to do this on your Sense. You could use more interfaces, group devices, and disallow traffic between interfaces. Another way would be using the devices' firewalls to block traffic from other LAN devices.
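The "more interfaces, block traffic between them" approach above, written out as an added illustration in pf rule syntax (this is not OPNsense-generated configuration and not tiermutter's or the project's code; OPNsense builds these rules from its GUI, and the interface names `vlan10`/`vlan20`, the `rfc1918` alias and the WAN name `em0` are assumptions). The idea is a single alias for all private address space, one block rule per client interface toward that alias, and a pass rule for everything else, so a client can reach the internet but not another segment behind the firewall:

```pf
# Constructed example: private address space that clients must not reach.
# In OPNsense this is a Firewall > Aliases entry of type Network(s).
table <rfc1918> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Per client interface: drop traffic (including ICMP echo) aimed at any
# private network, i.e. at other VLANs behind the firewall.
# "quick" makes the block final so the later pass rule cannot override it.
block in quick on vlan10 from vlan10:network to <rfc1918>
block in quick on vlan20 from vlan20:network to <rfc1918>

# Everything that is not private (the internet) is allowed out.
pass in on vlan10 from vlan10:network to any
pass in on vlan20 from vlan20:network to any

# Outbound NAT on WAN is unchanged and shown only for completeness.
nat on em0 from { vlan10:network, vlan20:network } to any -> (em0)
```

Two caveats that follow from the thread: this only separates devices on different interfaces, because frames between two hosts on the same VLAN are switched and never hit these rules, and the block rule must also stay above any "allow LAN to any" default rule, since pf evaluates the first matching `quick` rule. If clients still need the firewall itself for DNS or DHCP, add a narrow pass rule for those ports to the interface address ahead of the block rule.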
Title: Re: Firewall rule that allows devices to access the internet only
Post by: CJ on February 24, 2024, 02:30:26 pm
Another option is to do client isolation if you're using wifi.  But I really have to wonder about your use case.  What are you attempting to accomplish?
Title: Re: Firewall rule that allows devices to access the internet only
Post by: xpking on February 26, 2024, 01:24:57 pm
Quote from: CJ on February 24, 2024, 02:30:26 pm
Another option is to do client isolation if you're using wifi.  But I really have to wonder about your use case.  What are you attempting to accomplish?

Yeah, I am using the interface with a wifi AP.
Your solution works! Thank you very much.  :)
Title: Re: Firewall rule that allows devices to access the internet only
Post by: CJ on February 26, 2024, 04:00:45 pm
Quote from: xpking on February 26, 2024, 01:24:57 pm
Quote from: CJ on February 24, 2024, 02:30:26 pm
Another option is to do client isolation if you're using wifi.  But I really have to wonder about your use case.  What are you attempting to accomplish?

Yeah, I am using the interface with a wifi AP.
Your solution works! Thank you very much.  :)

Glad that works for you, but can you elaborate on your use case?  What are you trying to accomplish that led you to wanting this particular implementation?
Title: Re: Firewall rule that allows devices to access the internet only
Post by: pasha-19 on February 28, 2024, 11:29:32 pm
I believe another option would be to block intra-VLAN traffic in the switch with ACLs, if supported.  This would probably be more useful in the case where only partial inter-VLAN traffic was to be blocked from certain devices while still allowing them access to the internet.