Setting up an IOT LAN

[spetrillo]

I personally like more the reverse approach, enabling rules for all public ip (if possible restrict the ip using FQDN in aliases, when you know the destination) or at least limit the ports, when possible.

You can do it creating an alias for the private networks, and the flag the "reverse" option

So if nothing match you allow rule, the default deny apply

I would like to add two things to the overall setup you are using. I have a DNS hairpin rule set, so that those IoT devices that do not comply with standard DNS definitions via DHCP are forced to my PI-Hole and then out. How would I add a rule to do that? Do I just let Pi-Hole IP inbound to the IoT vlan?

[geo]

Hello could the OP and responders post their firewall rules.

I too have an IOT VLAN set up but currently only have firestick on there and not any home automation devices on there due to the need to switch between regular LAN and IOT network to control these devices.

Would be nice to be able to send commands from my phone on LAN and control a device (e.g light switch) connected to IOT network.

Thanks!