Mimicking IPFire Blue Zone in Opnsense

Started by blight, January 10, 2024, 10:49:06 AM

Hi everyone

I am busy moving from an IPFire setup to Opnsense as it seems more active and has more functionality.
One thing that I am missing going through the setup is the ability to create a "Blue" Zone which in IPFire is the wireless zone. Basically it does the following:

- Only allows clients "connectivity" if their MAC address has been added
- Allows traffic from the Blue zone to the internet (WAN) but not to the LAN zone unless specific rules are opened

Does anyone have any guide or reference to achieve this on an OPT interface in Opnsense?

Assistance is much appreciated

Regards
Brendon

You could configure this as any additional (V)LAN, but instead of the "Allow Any->Any" rule for that interface, you could use a network group firewall alias consisting of MAC firewall aliases. Devices not in that list could still connect to other devices on the same WLAN unless client isolation is possible on your equipment.

Usually, access control is not the job of the firewall, but the network layer. You would usually do this with 802.1x and a FreeRadius database - if your WLAN equipment allows it. Some brands (e.g. Unifi) have MAC-based allow lists.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
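To make the reply's suggestion concrete, here is a small model of how an OPT interface behaves when its "allow any->any" rule is replaced by a pass rule sourced from a network group of MAC aliases. This is an added illustration, not code from either poster and not OPNsense's own rule engine. The subnets, MAC addresses, the alias name BLUE_CLIENTS and the opened LAN host are constructed; the assumption that a MAC alias is resolved to addresses through the firewall's ARP table (so a host the firewall has not seen is not matched) and the first-match, implicit-deny ordering are assumptions of the model. It goes slightly beyond the text by also showing one "specific rule opened" towards a single LAN host.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology for this example (not taken from the thread).
NETWORKS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "BLUE": ipaddress.ip_network("192.168.10.0/24"),  # the OPT interface carrying the WLAN
}

# Contents of the MAC firewall aliases grouped into the (hypothetical) network
# group "BLUE_CLIENTS"; constructed addresses.
ALLOWED_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

# The firewall's ARP table on BLUE. Assumption of the model: a MAC alias is
# resolved to IP addresses through this table, so a host the firewall has never
# seen is not matched even if its MAC is on the list.
ARP_TABLE = {
    "192.168.10.11": "aa:bb:cc:00:00:01",
    "192.168.10.12": "aa:bb:cc:00:00:02",
    "192.168.10.13": "de:ad:be:ef:00:03",  # joined the WLAN, not on the allow list
}

# Rules on the BLUE interface, top to bottom, first match wins. There is no
# "allow any -> any"; anything that matches nothing hits the implicit block.
RULES = [
    {"action": "pass", "src": "BLUE_CLIENTS", "dst": "192.168.1.50/32"},  # one opened LAN host
    {"action": "pass", "src": "BLUE_CLIENTS", "dst": "!LAN"},             # listed clients to WAN
]


@dataclass(frozen=True)
class Flow:
    in_iface: str
    src: str
    dst: str


def resolve_mac_group(macs, arp_table):
    """Expand the MAC-based network group to the IPs currently mapped to those MACs."""
    return {ip for ip, mac in arp_table.items() if mac.lower() in macs}


def segment_of(ip):
    """Name of the local interface whose subnet holds ip, or 'WAN' for anything else."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return "WAN"


def dst_matches(spec, dst):
    """Destination specifier: 'any', an interface name, '!name' for its negation, or a CIDR."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return segment_of(dst) != spec[1:]
    if spec in NETWORKS:
        return segment_of(dst) == spec
    return ipaddress.ip_address(dst) in ipaddress.ip_network(spec)


def evaluate(flow, rules=RULES, macs=ALLOWED_MACS, arp_table=ARP_TABLE):
    """Decide what the BLUE interface does with one flow."""
    # Two hosts on the same WLAN talk through the access point, not the firewall,
    # so no rule can apply; only client isolation on the AP stops that traffic.
    if segment_of(flow.src) == segment_of(flow.dst) == flow.in_iface:
        return "not seen by firewall"
    allowed_ips = resolve_mac_group(macs, arp_table)
    for rule in rules:
        # The only non-"any" source used here is the BLUE_CLIENTS group.
        src_ok = rule["src"] == "any" or flow.src in allowed_ips
        if src_ok and dst_matches(rule["dst"], flow.dst):
            return rule["action"]
    return "block"  # implicit default deny on an OPT interface


def demo():
    """Run the constructed flows through the policy; returns {description: decision}."""
    cases = {
        "listed client -> internet": Flow("BLUE", "192.168.10.11", "203.0.113.5"),
        "unlisted client -> internet": Flow("BLUE", "192.168.10.13", "203.0.113.5"),
        "listed client -> LAN host": Flow("BLUE", "192.168.10.11", "192.168.1.20"),
        "listed client -> opened LAN host": Flow("BLUE", "192.168.10.11", "192.168.1.50"),
        "unlisted client -> listed client": Flow("BLUE", "192.168.10.13", "192.168.10.11"),
    }
    return {name: evaluate(flow) for name, flow in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The last case is the point the reply makes about client isolation: the unlisted client reaching a listed one on the same WLAN returns "not seen by firewall" rather than "block", because that traffic is switched by the access point and never crosses the OPT interface. Also note that a MAC address is an identifier the client presents, not a credential, which is why the reply points to 802.1X and RADIUS for real access control.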