OPNsense Forum

English Forums => General Discussion => Topic started by: deadlock on October 14, 2024, 03:50:05 PM

Title: Device network should be able to reach Internet, but should not other interfaces
Post by: deadlock on October 14, 2024, 03:50:05 PM
I have set up a VLAN for a Device network for mobile phones. These should only be able to access Internet and a single IP address on LAN (10.0.10.223).

I like to set up rules in the way that I define what to allow, and not define what not to allow. However, this is the only way I have found to set this up (see attached picture).

Is it possible to define this the other way around, only defining what is allowed?

Title: Re: Device network should be able to reach Internet, but should not other interfaces
Post by: dseven on October 14, 2024, 04:28:02 PM
You can define an alias representing all of your "private networks" and use one rule to block that as a destination. The alias could include a list of subnets, or perhaps the entire RFC1918 ranges, if that covers your private networks. You possibly could use destination invert on your "allow any" rule instead of the block rule, but either way you have to specify what is to be excluded.
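
The two rule orderings dseven describes, simulated as an added example (not OPNsense code and not from either poster). It models OPNsense's first-match evaluation on an interface with the implicit default deny at the end, an "RFC1918" network alias, the single allowed LAN host 10.0.10.223, and the "Destination / Invert" checkbox. The Device VLAN gateway address 10.0.20.1 and the DNS rule to it are assumptions: if the phones use the firewall itself as resolver, an all-RFC1918 block also blocks that, so port 53 to the interface address must be allowed above it.

```python
"""Simulate OPNsense-style first-match firewall rules for a guest/device VLAN.

Added example, not OPNsense source. Addresses other than 10.0.10.223 are
assumed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Network alias covering all RFC1918 space, as you would define it under
# Firewall > Aliases.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PRINTER = [ipaddress.ip_network("10.0.10.223/32")]   # the one permitted LAN host
GATEWAY = [ipaddress.ip_network("10.0.20.1/32")]     # assumed Device VLAN interface address


@dataclass
class Rule:
    action: str                                   # "pass" or "block"
    dst: List[ipaddress.IPv4Network] = field(default_factory=list)  # empty = any
    invert_dst: bool = False                      # OPNsense "Destination / Invert"
    dport: Optional[int] = None                   # None = any port

    def matches(self, dst_ip: ipaddress.IPv4Address, dport: int) -> bool:
        if self.dport is not None and self.dport != dport:
            return False
        if not self.dst:                          # destination "any"
            return True
        in_set = any(dst_ip in net for net in self.dst)
        return in_set != self.invert_dst          # invert flips the membership test


def evaluate(rules: List[Rule], dst_ip: str, dport: int = 443) -> str:
    """Return the action of the first matching rule, or 'block' (implicit deny)."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:                            # first match wins (pf "quick")
        if rule.matches(ip, dport):
            return rule.action
    return "block"


# Allow-list form: only pass rules, relying on the interface's implicit deny.
ALLOW_LIST = [
    Rule("pass", GATEWAY, dport=53),              # DNS to the firewall itself (assumed)
    Rule("pass", PRINTER),                        # the single LAN host
    Rule("pass", RFC1918, invert_dst=True),       # everything that is NOT private = Internet
]

# Block-rule form: explicit block on the alias, then pass any.
BLOCK_FORM = [
    Rule("pass", GATEWAY, dport=53),
    Rule("pass", PRINTER),
    Rule("block", RFC1918),
    Rule("pass"),
]

# What the original "pass any" rule alone does: every internal subnet is reachable.
NAIVE = [Rule("pass")]

# Wrong order: the alias block shadows the more specific host allow below it.
SHADOWED = [
    Rule("block", RFC1918),
    Rule("pass", PRINTER),
]


if __name__ == "__main__":
    for name, rules in (("allow-list", ALLOW_LIST), ("block-form", BLOCK_FORM),
                        ("naive", NAIVE), ("shadowed", SHADOWED)):
        print(name, {d: evaluate(rules, d) for d in
                     ("8.8.8.8", "10.0.10.223", "10.0.10.5", "192.168.1.10")})
```

Both ALLOW_LIST and BLOCK_FORM give the same result: Internet addresses and 10.0.10.223 pass, every other private address is blocked. The SHADOWED list shows why the host-specific allow has to sit above the alias block (or above the inverted allow): rules are evaluated top down and the first match ends evaluation. Remember that on the real box the interface address, DHCP and DNS all live inside the alias you are blocking, so check the phones still get an address and resolve names after applying it.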
Title: Re: Device network should be able to reach Internet, but should not other interfaces
Post by: deadlock on October 16, 2024, 09:18:58 AM
Thanks a lot! That sounds like the best option so far.