Firewall rules for guest and IoT VLANs

Started by meazz1, April 25, 2020, 04:49:52 AM

I have configured 3 VLANs, ID4, ID10 & ID20.
Default LAN 192.168.1.0/24 = management
ID4 192.168.4.0/24 = Home LAN
ID10 192.168.10.0/24 = guest
ID20 10.0.20.0/24 = IoT devices

For the default and home LAN I will be using the default fw rules.
I would like to create a rule for guest and IoT not to have any access to the LAN resources but only to the internet.
I have attached a few screenshots; I would really appreciate it if someone could tell me what changes I need to tweak to block the access.

Just create an alias with all RFC1918 networks:

  • 192.168.0.0/16
  • 172.16.0.0/12
  • 10.0.0.0/8

At the end of the guest and IoT rules add:

  • block dst RFC1918
  • allow dst all

Or make it one rule with:
allow dst not RFC1918

This example assumes you are not using any public IPs for the LAN and no IPv6.
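As an added illustration (not code from the thread), a small Python model of the two rule sets above. It checks that the two-rule and one-rule variants give the same result for IPv4 destinations, that the guest gateway's own address (assumed here to be the resolver handed out to guest clients) also falls inside the RFC1918 alias and therefore needs a pass rule placed above the block, and that an IPv6 destination is never matched by the alias, which is why the answer assumes no IPv6.

```python
import ipaddress

# Alias from the post: every RFC1918 range.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]
# Constructed: guest VLAN gateway address from the poster's 192.168.10.0/24,
# assumed to be the DNS resolver given to guest clients.
GUEST_GATEWAY = [ipaddress.ip_network("192.168.10.1/32")]

# A rule is (action, destination networks or None for "any", negate flag).
TWO_RULE_SET = [
    ("block", RFC1918, False),   # block dst RFC1918
    ("pass", None, False),       # allow dst all
]
ONE_RULE_SET = [
    ("pass", RFC1918, True),     # allow dst not RFC1918
]
# TWO_RULE_SET with a pass for the gateway placed ABOVE the block, so guest
# clients can still reach DNS on the firewall itself.
RESOLVER_FIRST_SET = [("pass", GUEST_GATEWAY, False)] + TWO_RULE_SET


def _dst_matches(dst, networks, negate):
    if networks is None:          # "any" destination
        return True
    # An IPv4 alias can never match an IPv6 destination.
    hit = any(dst.version == n.version and dst in n for n in networks)
    return (not hit) if negate else hit


def evaluate(rules, dst_ip, default="block"):
    """First-match evaluation, like pf 'quick' rules; unmatched traffic falls
    through to the firewall's default deny. Source and port are ignored on
    purpose: the post's rules only look at the destination."""
    dst = ipaddress.ip_address(dst_ip)
    for action, networks, negate in rules:
        if _dst_matches(dst, networks, negate):
            return action
    return default


def compare(dst_ip):
    """What each rule set does to guest/IoT traffic headed for dst_ip."""
    return {
        "two_rules": evaluate(TWO_RULE_SET, dst_ip),
        "one_rule": evaluate(ONE_RULE_SET, dst_ip),
        "resolver_first": evaluate(RESOLVER_FIRST_SET, dst_ip),
    }
```

Note that the one-rule variant blocks LAN destinations only through the default deny, so such hits show up in the default-deny log rather than under a rule of their own.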

Quote from: hbc on April 25, 2020, 08:36:18 AM
Just create an alias with all RFC1918 networks:

  • 192.168.0.0/16
  • 172.16.0.0/12
  • 10.0.0.0/8

At the end of the guest and IoT rules add:

  • block dst RFC1918
  • allow dst all

Or make it one rule with:
allow dst not RFC1918

This example assumes you are not using any public IPs for the LAN and no IPv6.

Thanks, works out lovely!!