Internet Only FW Rule

[spetrillo]

Does anyone have a screenshot of a working fw rule that only allows Internet access?

[banym]

Maybe I know what you mean, but this question is not clear and I don't want to answer it on an assumption.

Please describe your environment and what you intend to do with such a rule. Do you want to block traffic flow between VLANs or private networks or what is the plan behind the question?

[fabian]

If you want to prevent local traffic you need an alias containing private networks.

Then allow all with destination !private

[spetrillo]

I have a SSID and associated vlan for my IoT devices. No need for them to see my local networks. Just want them to go outbound to the Internet.

[spetrillo]

If you want to prevent local traffic you need an alias containing private networks.

Then allow all with destination !private

Wouldnt I block all private?

[banym]

It depends in what order you do it.

Here an example:

1. Allow all local traffic you need with specific defined networks or aliases (Example DNS/NTP and Connections you need to work between your IoT network and your LAN)
2. Block all traffic you want to block. for example all local RFC1918 traffic for IPv4
3. Allow all traffic to "ANY"

This will allow all defined local traffic to work before the block rule blocks all local traffic that is not defined in 1.
3. than catches all traffic that goes to external IPs and allows it.