Default rule to allow traffic in own subnet

Started by StotoV, October 06, 2024, 05:53:31 PM

Quote from: Bob.Dig on October 09, 2024, 10:13:13 PM
So his heading was wrong all the time. It looks like he wants to take too many shortcuts. Also he is allowing any protocol on any port. That is doing it all wrong.
As a newbie myself, I can see where the OP is coming from.
I believe he's going for a compact set of rules that applies to all interfaces (not obvious how many).
So knowing intra VLAN is not subject to OPNsense rules, I read:
* Allow a well-known set of machines to do anything
* For each VLAN, allow clients to access the gateway of the VLAN (at least DHCP, likely DNS...)
* Deny all clients to private network (which effectively blocks all inter VLAN traffic)
* Allow wide internet access to a second set of machines.

Adding a VLAN requires updating 1 alias and adding the gateway rule.

I chose a simpler path, with one rule per source, and no floating rules.
I arguably have more aliases.