Firewall Rules with vlans

Started by kshays, November 30, 2023, 08:56:04 PM

Hello,

Here is a simple structure of the VLANs and interfaces on the OPNsense box. I have 3 NICs in it: 1 for WAN, 1 for trusted LAN and 1 for untrusted stuff.

opnsense WAN DHCP
opnsense LAN1 TRUSTED 192.168.5.1/24
opnsense LAN2 UNTRUSTED 192.168.6.1/24

VLANS
-------
vlan10-trusted (LAN1 interface) 192.168.10.1/24

vlan20-untrusted (LAN2 interface) 192.168.20.1/24
vlan30-IoT (LAN2 interface) 192.168.30.1/24
vlan40-GUEST (LAN2 interface) 192.168.40.1/24

Is it possible to create a firewall group consisting of the VLANs and then a rule which will deny the private networks? Would I be able to create a firewall rule for allowing internal DNS and blocking external DNS pointing to "this firewall", or do I have to create the rules in each VLAN and interface since the IP is different on each one?

Thanks!
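As an added illustration (not part of the original post, and not OPNsense's own code): a small Python model of first-match rule evaluation over the addressing plan above. It assumes a hypothetical interface group `UNTRUSTED_VLANS` and a "this firewall" alias that expands to every interface address, so a single group rule set covers all the VLANs even though each one has a different gateway IP; rule order decides whether DNS to the firewall survives the RFC1918 block.

```python
import ipaddress

# Addressing plan from the post: interface -> its gateway address.
INTERFACES = {
    "LAN1": "192.168.5.1/24",
    "LAN2": "192.168.6.1/24",
    "vlan10": "192.168.10.1/24",
    "vlan20": "192.168.20.1/24",
    "vlan30": "192.168.30.1/24",
    "vlan40": "192.168.40.1/24",
}
# Hypothetical interface group covering the three untrusted VLANs.
GROUPS = {"UNTRUSTED_VLANS": ["vlan20", "vlan30", "vlan40"]}
PRIVATE_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def this_firewall():
    """All addresses the firewall itself holds (models a 'this firewall' alias)."""
    return {str(ipaddress.ip_interface(a).ip) for a in INTERFACES.values()}


# (applies_to, action, destination kind, destination port); first match wins.
# Order matters: the DNS-to-firewall pass must precede the RFC1918 block.
RULES = [
    ("UNTRUSTED_VLANS", "pass", "this_firewall", 53),  # internal DNS only
    ("UNTRUSTED_VLANS", "block", "any", 53),           # any other DNS server
    ("UNTRUSTED_VLANS", "block", "private", None),     # no reach into private nets
    ("UNTRUSTED_VLANS", "pass", "any", None),          # everything else (internet)
]


def _dst_matches(kind, dst):
    if kind == "any":
        return True
    if kind == "this_firewall":
        return dst in this_firewall()
    if kind == "private":
        ip = ipaddress.ip_address(dst)
        return any(ip in ipaddress.ip_network(n) for n in PRIVATE_NETS)
    return False


def evaluate(ingress_if, dst, dport=None):
    """Action for a packet entering ingress_if towards dst:dport (default deny)."""
    for target, action, kind, port in RULES:
        members = GROUPS.get(target, [target])  # a group expands to its members
        if ingress_if not in members:
            continue
        if port is not None and port != dport:
            continue
        if _dst_matches(kind, dst):
            return action
    return "block"  # implicit default deny when nothing matches
```

Swapping the first two rules with the `private` block in the list reproduces the classic mistake where the RFC1918 block also eats DNS to the firewall's own address.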