General Discussion / Firewall Rules with vlans
« on: November 30, 2023, 08:56:04 pm »
Hello,
Here is a simple structure of the VLANs and interfaces on the OPNsense box. I have 3 NICs in it: 1 for WAN, 1 for trusted LAN and 1 for untrusted stuff.
opnsense WAN DHCP
opnsense LAN1 TRUSTED 192.168.5.1/24
opnsense LAN2 UNTRUSTED 192.168.6.1/24
VLANS
-------
vlan10-trusted (LAN1 interface) 192.168.10.1/24
vlan20-untrusted (LAN2 interface) 192.168.20.1/24
vlan30-IoT (LAN2 interface) 192.168.30.1/24
vlan40-GUEST (LAN2 interface) 192.168.40.1/24
Is it possible to create a firewall group consisting of the VLANs and then a rule which will deny the private networks? Would I be able to create a firewall rule for allowing internal DNS and blocking external DNS pointing to "this firewall", or do I have to create the rules in each VLAN and interface since the IP is different on each one?
Thanks!