OPNsense Forum

English Forums => General Discussion => Topic started by: P01 on November 18, 2024, 10:23:09 PM

Title: another set of "How to" questions
Post by: P01 on November 18, 2024, 10:23:09 PM
I'm looking to move from pfsense to opnsense and trying to reproduce my pfsense setup. Here are my initial goals and where I'm getting stuck and need help. On pfsense I have three interfaces: WAN, LAN and LAN2. LAN and LAN2 are firewalled off from each other. On LAN2 I have streaming devices and WiFi that I want isolated from the LAN interface. On LAN we have our desktops, printer, NAS and Cams, and would like the Cams, printer and NAS restricted from internet access.

I don't know if this is a best practice, and unlike pfsense, I set up a Floating FW rule on opnsense which blocks pings from LAN2 to LAN but not both ways as in pfsense, but I could live with that if that's how it is. On the LAN interface I want to block access for certain devices, but I can't find any examples of blocking a range of IPs for cams and/or individual IPs such as for printer and our NAS. How do I block a static IP or an IP range from WAN access? Thanks in advance.
Title: Re: another set of "How to" questions
Post by: Patrick M. Hausen on November 18, 2024, 10:43:56 PM
Create a deny rule with the IP or range of IPs as source address, and place it before the allow rule for all other sources.
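
An added example, not part of the reply above and not OPNsense code: a small Python model of first-match rule evaluation that shows why the deny rules have to sit above the general allow rule, and that flags deny rules made unreachable by an earlier allow. It assumes first-match ("quick") evaluation with an implicit default deny; all addresses and rule descriptions are constructed.

```python
# Added illustration: first-match evaluation of LAN rules by source address.
# All addresses and rule descriptions are constructed for this example.
from ipaddress import ip_address, ip_network, summarize_address_range

def sources(spec):
    """Expand 'a.b.c.d', 'a.b.c.d/nn' or 'first-last' into a list of networks."""
    if "-" in spec:
        first, last = (ip_address(p.strip()) for p in spec.split("-"))
        return list(summarize_address_range(first, last))
    return [ip_network(spec, strict=False)]

def evaluate(rules, src):
    """Return (action, description) of the first rule whose source matches src."""
    addr = ip_address(src)
    for action, spec, descr in rules:
        if any(addr in net for net in sources(spec)):
            return action, descr
    return "block", "implicit default deny"  # assumption: nothing matched

BLOCK_CAMS = ("block", "192.168.1.50-192.168.1.59", "cams: no internet")
BLOCK_PRINTER = ("block", "192.168.1.20", "printer: no internet")
BLOCK_NAS = ("block", "192.168.1.30", "NAS: no internet")
ALLOW_LAN = ("pass", "192.168.1.0/24", "allow LAN to any")

# Deny rules placed before the general allow rule, as the reply describes.
CORRECT = [BLOCK_CAMS, BLOCK_PRINTER, BLOCK_NAS, ALLOW_LAN]
# Same rules with the allow rule first: the deny rules are never reached.
MISORDERED = [ALLOW_LAN, BLOCK_CAMS, BLOCK_PRINTER, BLOCK_NAS]

def shadowed(rules):
    """List block rules whose whole source is covered by an earlier pass rule."""
    found = []
    for i, (action, spec, descr) in enumerate(rules):
        if action != "block":
            continue
        earlier = [n for a, s, _ in rules[:i] if a == "pass" for n in sources(s)]
        if all(any(net.subnet_of(e) for e in earlier) for net in sources(spec)):
            found.append(descr)
    return found

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT), ("misordered", MISORDERED)):
        for host in ("192.168.1.55", "192.168.1.20", "192.168.1.100"):
            print(name, host, evaluate(rules, host))
        print(name, "shadowed:", shadowed(rules))
```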
Title: Re: another set of "How to" questions
Post by: P01 on November 19, 2024, 04:47:03 AM
Thank you, I think it might be working. I'll test again tomorrow.
Title: Re: another set of "How to" questions
Post by: pankaj on November 20, 2024, 07:03:34 AM
Just out of curiosity, pick a device (machine-A) on LAN2 that is not supposed to be able to ping LAN.

If you "statically" assign "machine-A" an IP address from the LAN subnet, then "machine-A" will most likely be able to ping LAN from LAN2.

If this is not the behavior you want then you will need to add VLANs and possibly L2 switches depending on your topology.