Topic: Firewall rule "pass destination this firewall" (Read 1022 times)
Asperamanca
on: February 10, 2021, 09:33:40 pm
I set up a configuration with a guest LAN/WIFI using a separate interface with a VLAN id. My switch has dedicated guest ports (untagged with pvid=guest vlan id), and I have a Wifi AP which has a separate SSID for the guest vlan.
In the firewall, I defined an alias for "all local IP addresses", and made a firewall rule:
Pass from "Guest net" to "! Local IPs"
From my understanding, that would allow guests to access any IP address outside my home network. They still can see each other because the switch doesn't block traffic (it never gets to the firewall for rule checking), but I can live with that.
What is curious: On the wired guest network, I had internet connection. On the guest Wifi I did not. Then I added a rule
Pass from "guest net" to "this firewall"
Suddenly, my guest wifi has internet access.
Can you make any sense of it?
Can I at least partially restrict the rule (e.g. only opening certain ports)?