Author Topic: Firewall rules for guest and IoT Vlans (Read 5786 times)

meazz1 · « **on:** April 25, 2020, 04:49:52 am »

I have configured 3 VLANS, ID4, ID10 & ID20.
Default LAN 192.168.1.0/24= management
ID4 192.168.4.0/24=Home LAN
ID10 192.168.10/0/24=guest
ID20 10.0.20.0/24=IOT devices

For the default and home lan I will using the default fw rules.
I like to create a rule for guest and IOT no to have any access to the lan resource but only to internet.
I have attached few screenshots, I would really appreciate if someone can tell me what changes I need to tweak to block the access.

hbc · « **Reply #1 on:** April 25, 2020, 08:36:18 am »

Just create an alias with all RFC1918 networks:

192.168.0.0/16
172.16.0.0/12
10.0.0.0/8

Add at the end of guest and iot rules add:

block dst RFC1918
allow dst all

Or make it one rule with:
allow dst not RFC1918

This example assumes you are not using any public ips for lan and no IPv6.

meazz1 · « **Reply #2 on:** May 02, 2020, 05:37:40 pm »

Quote from: hbc on April 25, 2020, 08:36:18 am

Just create an alias with all RFC1918 networks:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8

Add at the end of guest and iot rules add:
block dst RFC1918
allow dst all

Or make it one rule with:
allow dst not RFC1918

This example assumes you are not using any public ips for lan and no IPv6.

Thanks, works out lovely!!

Author Topic: Firewall rules for guest and IoT Vlans (Read 5786 times)

meazz1

Firewall rules for guest and IoT Vlans

hbc

Re: Firewall rules for guest and IoT Vlans

meazz1

Re: Firewall rules for guest and IoT Vlans