Internet Only FW Rule

Started by spetrillo, August 18, 2020, 06:23:22 PM

Does anyone have a screenshot of a working fw rule that only allows Internet access?

Maybe I know what you mean, but this question is not clear and I don't want to answer it on an assumption.

Please describe your environment and what you intend to do with such a rule. Do you want to block traffic flow between VLANs or private networks or what is the plan behind the question?
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de

If you want to prevent local traffic you need an alias containing private networks.

Then allow all with destination !private

I have an SSID and associated VLAN for my IoT devices. No need for them to see my local networks. Just want them to go outbound to the Internet.

Quote from: fabian on August 18, 2020, 08:26:23 PM
If you want to prevent local traffic you need an alias containing private networks.

Then allow all with destination !private

Wouldn't I block all private?

It depends on what order you do it in.

Here is an example:

1. Allow all local traffic you need, with specifically defined networks or aliases (for example DNS/NTP and connections that need to work between your IoT network and your LAN).
2. Block all traffic you want to block, for example all local RFC1918 traffic for IPv4.
3. Allow all traffic to "ANY".

This will allow all defined local traffic to work before the block rule blocks all local traffic that is not defined in 1.
Rule 3 then catches all traffic that goes to external IPs and allows it.

Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
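To make the ordering point concrete, here is a small first-match rule evaluator written for this thread. It is an added illustration, not code from OPNsense or from either poster. It models the "quick" behaviour OPNsense rules have by default (the first matching rule decides, anything unmatched is denied), and walks the same three packets through banym's three-step ordering, through fabian's single "destination !private" rule, and through the three steps with the block placed first. The addresses (an IoT VLAN using 192.168.1.1 on the LAN side for DNS, a LAN host at 192.168.1.20, 9.9.9.9 as an Internet destination) are constructed for the example; the "private" alias is the three RFC1918 IPv4 ranges named in the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# The "private" alias from the thread: the RFC1918 IPv4 ranges.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed address for the illustration (hypothetical, not from the thread):
# the firewall's LAN-side address answers DNS for the IoT VLAN.
LAN_DNS = "192.168.1.1"


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    dst: str                     # "any", an alias name, a network/host, or "!alias"
    dport: Optional[int] = None  # None matches every destination port
    label: str = ""


def dst_matches(rule_dst: str, ip: ipaddress.IPv4Address) -> bool:
    """Match a destination spec; a leading '!' inverts the alias, like the
    'Destination / Invert' checkbox in the OPNsense rule editor."""
    if rule_dst == "any":
        return True
    negate = rule_dst.startswith("!")
    name = rule_dst[1:] if negate else rule_dst
    if name == "private":
        hit = any(ip in net for net in PRIVATE)
    else:
        hit = ip in ipaddress.ip_network(name, strict=False)
    return hit != negate


def evaluate(rules, dst_ip: str, dport: int) -> Tuple[str, str]:
    """First-match evaluation: every rule is 'quick', so the first rule whose
    destination and port match decides. All packets are assumed to originate
    on the IoT VLAN; anything no rule matches falls to the default deny."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if dst_matches(rule.dst, ip) and rule.dport in (None, dport):
            return rule.action, rule.label
    return "block", "default deny"


# banym's three-step ordering: specific local allows, block RFC1918, allow any.
ORDERED = [
    Rule("pass", LAN_DNS, 53, "1. IoT -> LAN DNS"),
    Rule("block", "private", None, "2. block RFC1918"),
    Rule("pass", "any", None, "3. allow Internet"),
]

# fabian's single rule: allow everything whose destination is NOT private.
SINGLE = [Rule("pass", "!private", None, "allow !private")]

# The same three rules with the block placed first: the DNS allow never fires.
WRONG_ORDER = [ORDERED[1], ORDERED[0], ORDERED[2]]


if __name__ == "__main__":
    # Constructed sample packets: LAN DNS, a LAN file share, an Internet host.
    for name, rules in (("ordered", ORDERED), ("single", SINGLE), ("wrong order", WRONG_ORDER)):
        for ip, port in ((LAN_DNS, 53), ("192.168.1.20", 445), ("9.9.9.9", 443)):
            print(f"{name:12} {ip:>14}:{port:<4} -> {evaluate(rules, ip, port)}")
```

Running it shows why both answers in the thread agree: with the single "!private" rule, DNS to 192.168.1.1 falls to the default deny, which is exactly what the explicit allow in step 1 exists for, since the firewall's own interface addresses that serve DNS/NTP to the IoT VLAN sit inside RFC1918. Put the block ahead of that allow and the same DNS packet is dropped. Note that the "private" alias as written covers IPv4 only; an IoT VLAN that also carries IPv6 needs the local prefixes covered by the alias or a separate rule.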