How to block local traffic in a LAN?

Started by newman87, January 27, 2022, 01:05:06 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 27, 2022, 01:05:06 PM
Hi,
I have a LAN and I want to block traffic between devices connected to the LAN.
Is this possible to do? What firewall rule(s) should I use?
Thanks in advance
January 27, 2022, 01:14:12 PM #1
short answer: no. long answer: no, because the talk directly, opnsense not involved (special case: wifi). get an additional interface and place devices to be separated in different subnets attached to different interfaces.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
January 27, 2022, 01:18:09 PM #2
Thanks for the answer.
If the interface is the WIFI,then is this possible to block local traffic?How?
Cheers
January 27, 2022, 01:23:34 PM #3
wireless isolation at your access point. :-)
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
January 27, 2022, 01:28:09 PM #4
What should I do for wireless isolation?Firewall rules or something else?Any hint?
Cheers
January 27, 2022, 01:41:44 PM #5
wireless isolation is a feature in the settings of your wifi AP
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
January 27, 2022, 01:49:09 PM #6 Last Edit: January 27, 2022, 01:52:02 PM by newman87
Hm,I checked both settings for WiFI on Opnsense (Services>WIFI and Interfaces>WIFI) but I can't find "Wireless isolation" selection.Has this another name apart from "Wireless isolation"?Has this to do with " Allow intra-BSS communication" be unchecked?
Cheers
January 27, 2022, 04:41:46 PM #7
Quote from: chemlud on January 27, 2022, 01:14:12 PM
short answer: no. long answer: no, because the talk directly, opnsense not involved (special case: wifi). get an additional interface and place devices to be separated in different subnets attached to different interfaces.

You would need a layer 2 firewall to achieve this. All traffic can be inspected. I am not sure if OPNSense is capable of Layer 2 firewall
February 06, 2022, 12:52:34 AM #8
Can you set up two LAN? Either using vlans or just two subnets on the same vlan (a bit uglier and not perfect, but do the job for you).

That way the two vlans would have to route between each other and so could use the Layer3 Opnsense FW.
Print
Go Up Pages1
User actions