Block traffic between interface LAN

Started by Dexter_23, February 27, 2024, 04:01:25 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 27, 2024, 04:01:25 PM
HI all
I attach my network diagram so you can understand what i want to achieve
Basically i want only the interface lan vmbr0,vmbr2,vmbr3,vmbr4,vmbr5,vmbr6 have access only on wan interface to go out and reach internet, i don't want vmbro can talk to vmbr2 and viceversa.
Thanks
February 27, 2024, 04:08:29 PM #1
Then add rules to prohibit that traffic.

You can use an interface group to simplify things and then create a single set of rules like in the screen shot of this post of mine:

https://forum.opnsense.org/index.php?topic=39041.msg191389#msg191389
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 27, 2024, 04:23:00 PM #2
Hi Patrick
I have attached the current firewall rules that I have on the interfaces vmbr0 up to vmbr6 excluding vmbr1 which is the wan.
With the following two rules I can surf the internet so it's fine. But I would like to create a rule where it can only go to the internet but can't go to the other networks which are on the other interfaces.
What rule should I create? Can you give some examples? Thanks.
February 27, 2024, 04:35:26 PM #3
See the screenshot in my linked post above which shows exactly that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 28, 2024, 10:30:38 AM #4
Ok thank you i create alias network with all lan networks, and then create a rule like this and it works!!!
Print
Go Up Pages1
User actions