Topic: Device network should be able to reach Internet, but should not other interfaces (Read 168 times)
deadlock, October 14, 2024, 03:50:05 pm:
I have set up a VLAN for a Device network for mobile phones. These should only be able to access Internet and a single IP address on LAN (10.0.10.223).
I like to set up rules in the way that I define what to allow, and not defining what not to allow. However, this is the only way I have found to set this up (see attached picture).
Is it possible to define this the other way around, only defining what is allowed?
dseven, Reply #1, October 14, 2024, 04:28:02 pm:
You can define an alias representing all of your "private networks" and use one rule to block that as a destination. The alias could include a list of subnets, or perhaps the entire RFC1918 ranges, if that covers your private networks. You possibly could use destination invert on your "allow any" rule instead of the block rule, but either way you have to specify what is to be excluded.
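The two options from the reply above, modelled as an added example that is not part of the original thread: a small Python check of which destinations each rule set lets through. It assumes rules are evaluated top-down with the first match winning and a default deny at the end, and only the destination is modelled. Every address except 10.0.10.223 is constructed, including 10.0.30.1 as a hypothetical firewall address on the device VLAN.

```python
import ipaddress

# RFC 1918 ranges: one possible content for the "private networks" alias.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN_HOST = [ipaddress.ip_network("10.0.10.223/32")]  # allowed LAN address from the question
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Rule = (action, destination networks, invert destination match)
BLOCK_VARIANT = [("pass", LAN_HOST, False),
                 ("block", PRIVATE, False),
                 ("pass", ANY, False)]
INVERT_VARIANT = [("pass", LAN_HOST, False),
                  ("pass", PRIVATE, True)]  # pass only if destination is NOT private
# Same rules as BLOCK_VARIANT, but with the block rule moved to the top.
MISORDERED = [BLOCK_VARIANT[1], BLOCK_VARIANT[0], BLOCK_VARIANT[2]]

# Constructed sample destinations (10.0.30.1: assumed firewall address on the device VLAN).
SAMPLES = ["10.0.10.223", "10.0.10.5", "192.168.1.1", "172.16.4.4",
           "10.0.30.1", "1.1.1.1"]

def evaluate(rules, dst):
    """Return the action of the first rule matching dst; default deny if none match."""
    addr = ipaddress.ip_address(dst)
    for action, nets, invert in rules:
        hit = any(addr in net for net in nets)
        if hit != invert:  # an inverted rule matches when the address is outside the nets
            return action
    return "block"

def audit(rules, destinations=SAMPLES):
    """Map each destination to the decision the rule set produces for it."""
    return {dst: evaluate(rules, dst) for dst in destinations}

if __name__ == "__main__":
    for name, rules in (("block rule", BLOCK_VARIANT),
                        ("inverted destination", INVERT_VARIANT),
                        ("misordered", MISORDERED)):
        print(name, audit(rules))
```

Both variants give the same decisions as long as the pass rule for 10.0.10.223 sits above the rule that handles the private ranges. The firewall's own private address on the device VLAN is blocked too, so any service the devices use on it, such as DNS, needs its own pass rule above the block.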
deadlock, Reply #2, October 16, 2024, 09:18:58 am:
Thanks a lot! That sounds like the best option so far.