Creating a Deny rule with exceptions for a specific device

Spiky_Gladiator · January 14, 2023, 02:18:42 PM

Hi,

I'm having a little bit of trouble setting up a firewall rule(s) for one of the devices that I use.
I want this specific device to:

Deny access to the internet.
Allow access to local devices on the same VLAN that the device is connected to.
Only Allow access to a set of websites\services on the internet.

How can I setup this rule\set of rules ?

I presume to target a specific device I need to either use its MAC or IP Address then setup all three separate rules but how can I setup all of the above rules ?

When creating a firewall rule on the VLAN's interface, I don't see any option for inserting a MAC Address anywhere, am I missing something ?

Also, how do I allow a specific websites\services, I get that I need IP Address of the them but again where do I insert them ?

This might seem like something easy to do but I'm struggling with setting the said rules in OPNSense.

Are there any other and better ways of achieving what I want to do ?

Any help is appreciated.
Thanks

Patrick M. Hausen · January 14, 2023, 02:20:25 PM

Specific permit rules first, deny rule last. Rules are processed in order.

chemlud · January 14, 2023, 07:17:28 PM

...top to bottom, until first rule fits the traffic. ;-)

Fright · January 14, 2023, 07:51:04 PM

...if its the "first match" ("quick") rule ;)
(otherwise, the last matching rule wins)

chemlud · January 14, 2023, 11:12:40 PM

...yep, but "first match" is the standard, that's what happenz normally in the sense firewall rules tab, until you change (break :-D ) things...

Creating a Deny rule with exceptions for a specific device

Spiky_Gladiator

January 14, 2023, 02:18:42 PM

Patrick M. Hausen

January 14, 2023, 02:20:25 PM #1

chemlud

January 14, 2023, 07:17:28 PM #2

Fright

January 14, 2023, 07:51:04 PM #3

chemlud

January 14, 2023, 11:12:40 PM #4