Messages - umbjm77

#1
Quote from: EricPerl on May 30, 2025, 08:03:57 PM
Given "Last active" date for the members involved, I hope you're not in a hurry...
You might as well have started a new thread.

Point taken. Thanks for replying.

Quote from: EricPerl on May 30, 2025, 08:03:57 PM
Actually, you could have just tried your rule and tested it (see outcomes in the logs, which requires logging to be enabled, and a description would help too).

Will do. It's my first rule, so I'm afraid of locking myself out. My next question was about whether to add the /32 to the IP, but it was added for me when I enabled the rule. Next, I'll change the IP to my laptop's to test it.

At least I understand that the devices I want to limit require address reservations!

#2
Quote from: curioustech on June 15, 2020, 04:14:09 PM
The following are the perfect steps. The only thing I want to add is order.

Ensure the rule you create following the steps mentioned below is sitting on top of the pass LAN rule.


Quote
Are you sure this device is being allowed to contact other destinations (non 443/TCP) on the Internet?

Could you please upload another screenshot showing it (blur whatever is needed).

If you configure it like:

By this, do you mean:
(I know to enable it later)
#4
Quote from: Mitheor on June 14, 2020, 03:50:13 PM
If you configure it like:

LAN Interface inbound
Source -> Device IP
Destination -> Invert LAN
Protocol -> ANY
Action -> Block/Drop

And apply, it should work.

5 years later, I'm hoping you're still around. The GUI seems much more complex now.

This seems to be a good place to start with rules.
-Sophos XG115 running the latest version of OPNsense
-no VLANs
-single router, single subnet

I want to start by making a rule to prohibit a single Home Assistant-connected device from accessing the internet.

I think I get how to use aliases to expand the rule to a range of IP addresses.

As of now, the rule is disabled. I know to enable it, but I would be very grateful for confirmation--more likely, corrections.