OPNsense Forum

English Forums => General Discussion => Topic started by: Kryoman on January 19, 2018, 04:17:51 pm

Title: [HELP] Only allow WAN access for bridged connection
Post by: Kryoman on January 19, 2018, 04:17:51 pm
(Images were so large I decided not to use the BB-IMG code tag)

I'm running two interfaces in bridge mode (LAN and MLAN), sharing the same subnet with DHCP (From LAN).
https://i.imgur.com/gid9Cjh.png
https://i.imgur.com/zPd6WUq.png

The plan is that LAN is going to be the administration interface, allowing access to MLAN and WAN ofc.

But I only want to allow clients on MLAN to access WAN (Internet), not allowing them to communicate with other local IPs on the network.

These are the current rules for MLAN and LAN that I think should work for me, looking for suggestions / corrections!
https://i.imgur.com/pJMEfzK.png
https://i.imgur.com/2iuMw2e.png

The LAN rules are default, just removed the "Anti-Lockup WEB GUI rule"

##UPDATE
Added the following DHCP rule, ports 67, 68
Can I be any more specific with the source and destination?
Does this pose any security risk even with UDP only?
https://i.imgur.com/A88I552.png