You could assign igc3 as another interface, and give it its own subnet (not overlapping with your existing LAN), and create firewall rules to explicitly allow whatever communication you deem appropriate...... or you could put the NVR on your LAN and block it from accessing the internet... but it would still be able to talk to other hosts on your LAN without going through the firewall - that may or may not be a concern, depending on how much you distrust the NVR...
Quote from: dseven on September 17, 2024, 10:24:49 pmYou could assign igc3 as another interface, and give it its own subnet (not overlapping with your existing LAN), and create firewall rules to explicitly allow whatever communication you deem appropriate...... or you could put the NVR on your LAN and block it from accessing the internet... but it would still be able to talk to other hosts on your LAN without going through the firewall - that may or may not be a concern, depending on how much you distrust the NVR...Thank you for commenting.How can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting theNVR in the mail, and can not find any information regarding whether it has a fixed IPor a dynamic one.
How can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting theNVR in the mail, and can not find any information regarding whether it has a fixed IPor a dynamic one.
Quote from: TrafficChaos on September 17, 2024, 11:35:53 pmHow can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting theNVR in the mail, and can not find any information regarding whether it has a fixed IPor a dynamic one.I would expect it will allow you to either configure a fixed IP address or use DHCP. If you choose DHCP (or if there's no option), you could create a reservation in OPNsense's DHCP server to assign it a specific IP address of your choosing (which should be outside the pool for dynamic addresses).