OPNsense Forum

Archive => 24.7, 24.10 Legacy Series => Topic started by: Fionn on November 10, 2024, 09:45:35 PM

Title: How to properly enable WAN traffic on a bridge
Post by: Fionn on November 10, 2024, 09:45:35 PM
Hi :)

I have created a bridge (consisting of 4 ports) on a mini PC, and there is an additional port for WAN.
Created an alias for "home network" IP ranges 192../10../172...
On the bridge I created a rule:
   Action: Pass
   Interface: bridge
   Direction: in
   TCP/IP Version: IPv4 (I don't care about IPv6)
   Protocol: any
   Source: home network (alias)
   Destination: home network (alias)
   Log packets that are handled by this rule -> enabled

With that in place, LAN connections are working fine; without it there was always something blocked (made me crazy), and I don't want to restrict LAN-only communication (at least not yet).
My plan is that if I want to block something on the LAN, I create a new rule for that specific case and put it above this rule on the bridge. Is this rule OK from a safety point of view? Or does it pose some threat that I should pay extra attention to?

With that, internet is still not working at all on anything in the LAN other than OPNsense itself.
So I created a 2nd rule for the bridge:
   Action: Pass
   Interface: bridge
   Direction: in
   TCP/IP Version: IPv4
   Protocol: any
   Source: home network (alias)
   Destination: any
   Log packets that are handled by this rule -> enabled

I tested the Destination with the "inverted home network alias" (works), any (works), WAN net (fails) and WAN address (fails) options. Which is the proper one to go with? I found this helpful info, https://forum.opnsense.org/index.php?topic=18755.msg85870#msg85870, but I'm still not sure :D
And again: Is this rule OK from a safety point of view? :) Or should I place this on the WAN interface with an out Direction?

Thanks for the help :)
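
An added example, not part of the original post: a small Python model of first-match evaluation for the two bridge rules, showing which of the four destination choices tested above match a packet bound for an Internet host. The RFC 1918 ranges for the alias, the 203.0.113.0/24 WAN addressing, the host addresses and all function names are assumptions made for illustration.

```python
import ipaddress

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Assumption: the "home network" alias holds the three RFC 1918 ranges.
HOME = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
# Constructed WAN addressing (documentation range), not taken from the post.
WAN_NET = nets("203.0.113.0/24")        # subnet of the WAN interface
WAN_ADDRESS = nets("203.0.113.10/32")   # the firewall's own WAN IP
ANY = nets("0.0.0.0/0")

CLIENT = "192.168.1.20"         # constructed LAN host
INTERNET_HOST = "198.51.100.7"  # constructed Internet destination

def contains(networks, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)

def rule(name, dst, invert=False):
    """Pass rule on the bridge, direction in, source = home network alias."""
    return {"name": name, "dst": dst, "invert": invert}

def evaluate(rules, src, dst):
    """First matching rule wins (quick rules); no match means default deny."""
    for r in rules:
        if contains(HOME, src) and contains(r["dst"], dst) != r["invert"]:
            return "pass:" + r["name"]
    return "block:default-deny"

LAN_RULE = rule("lan-to-lan", HOME)  # the first rule in the post
CANDIDATES = {                       # destination choices for the 2nd rule
    "any": rule("any", ANY),
    "inverted alias": rule("not-home", HOME, invert=True),
    "WAN net": rule("wan-net", WAN_NET),
    "WAN address": rule("wan-address", WAN_ADDRESS),
}

def internet_reachable(choice):
    """Does LAN_RULE plus this 2nd rule pass CLIENT -> INTERNET_HOST?"""
    verdict = evaluate([LAN_RULE, CANDIDATES[choice]], CLIENT, INTERNET_HOST)
    return verdict.startswith("pass")

if __name__ == "__main__":
    for choice in CANDIDATES:
        print(f"{choice:15} internet={internet_reachable(choice)}")
    # The rule matches on the packet's destination IP, not the exit interface:
    print(evaluate([CANDIDATES["WAN net"]], CLIENT, "203.0.113.1"))
```

In this model "any" and the inverted alias differ only when the LAN-to-LAN rule is absent: "any" then also passes LAN-to-LAN traffic, while the inverted alias does not.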