Messages - day88

#1
I'm fairly new to all this and need some advice.

Basically I have a server with a couple of Docker containers that are accessible from the outside world via a Cloudflare tunnel. I have no open WAN ports.
Is it advisable to have the containers on a different VLAN? That, I guess, would minimise the chance of intrusions accessing my main LAN. I could do the same for IoT devices, putting them on a different VLAN.

But if I do that, I would need an OPNsense rule to allow traffic between my main LAN and the VLANs so I can access them locally just as I do now.
So what I'm not sure on is: doesn't creating that rule make it a free-for-all between the LAN / VLANs, defeating the object of isolation in the first place?
I'm clearly not understanding something, so I'm after some advice on the best approach.
If I've got the wrong end of the stick then please correct me.