Device network should be able to reach Internet, but should not other interfaces

Started by deadlock, October 14, 2024, 03:50:05 PM

I have set up a VLAN for a Device network for mobile phones. These should only be able to access Internet and a single IP address on LAN (10.0.10.223).

I like to set up rules in the way that I define what to allow, and not defining what not to allow. However, this is the only way I have found to set this up (see attached picture).

Is it possible to define this the other way around, only defining what is allowed?


You can define an alias representing all of your "private networks" and use one rule to block that as a destination. The alias could include a list of subnets, or perhaps the entire RFC1918 ranges, if that covers your private networks. You possibly could use destination invert on your "allow any" rule instead of the block rule, but either way you have to specify what is to be excluded.
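To make the two rule orderings from the reply concrete, here is an added example (not from the forum post or from OPNsense itself) that models an interface rule set for the Device VLAN with first-match ("quick") evaluation and an implicit default deny, the way OPNsense evaluates rules top to bottom. It builds the "private networks" alias from the three RFC1918 ranges and compares the block-rule variant against the destination-inverted allow-rule variant on a few constructed destination addresses. The Device VLAN subnet (10.0.20.0/24) and the sample destinations are assumptions; only 10.0.10.223 comes from the question.

```python
import ipaddress

# Assumed Device VLAN subnet for the phones (not stated in the thread).
DEVICE_NET = ipaddress.ip_network("10.0.20.0/24")
# The single LAN host the phones may reach, from the question.
ALLOWED_HOST = ipaddress.ip_address("10.0.10.223")
# Alias "private networks" built from the RFC1918 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_any(addr, nets):
    """True if addr falls inside any network of the alias."""
    return any(addr in net for net in nets)


# A rule is (action, destination-matcher). Source is always the Device VLAN.
def rules_with_block():
    """Variant 1: explicit block of the private-networks alias before 'allow any'."""
    return [
        ("pass", lambda d: d == ALLOWED_HOST),     # allow the one LAN host
        ("block", lambda d: in_any(d, RFC1918)),   # block every other private net
        ("pass", lambda d: True),                  # allow any (Internet)
    ]


def rules_with_invert():
    """Variant 2: 'allow any' with destination inverted (not private networks)."""
    return [
        ("pass", lambda d: d == ALLOWED_HOST),          # allow the one LAN host
        ("pass", lambda d: not in_any(d, RFC1918)),     # allow to !private-networks
        # nothing else matches, so the implicit default deny applies
    ]


def evaluate(rules, src, dst):
    """First-match evaluation; unmatched traffic hits the implicit default deny."""
    if src not in DEVICE_NET:
        return "block"  # rules here only apply to the Device VLAN interface
    for action, matches_dst in rules:
        if matches_dst(dst):
            return action
    return "block"


def check(dst_str, src_str="10.0.20.50"):
    """Return (variant1_result, variant2_result) for one destination."""
    src = ipaddress.ip_address(src_str)
    dst = ipaddress.ip_address(dst_str)
    return (evaluate(rules_with_block(), src, dst),
            evaluate(rules_with_invert(), src, dst))


def variants_agree(dst_strs):
    """True when both rule orderings give the same verdict for every destination."""
    return all(len(set(check(d))) == 1 for d in dst_strs)


if __name__ == "__main__":
    # Constructed destinations: the allowed host, another LAN host,
    # a public resolver and a host in a different private range.
    for dst in ("10.0.10.223", "10.0.10.5", "8.8.8.8", "192.168.1.1"):
        print(dst, check(dst))
```

Both orderings yield the same verdicts, which is the reply's point: whichever form you pick, the private ranges still have to be named somewhere, either as the destination of a block rule or as the inverted destination of the allow rule. The block-rule form has one practical advantage on a real firewall: a later "allow any" rule added by mistake cannot reopen the private networks, because the block above it matches first.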