How to block local traffic in a LAN?

[newman87]

Hi,
I have a LAN and I want to block traffic between devices connected to the LAN.
Is this possible to do? What firewall rule(s) should I use?
Thanks in advance

[chemlud]

short answer: no. long answer: no, because the talk directly, opnsense not involved (special case: wifi). get an additional interface and place devices to be separated in different subnets attached to different interfaces.

[newman87]

Thanks for the answer.
If the interface is the WIFI,then is this possible to block local traffic?How?
Cheers

[chemlud]

wireless isolation at your access point. :-)

[newman87]

What should I do for wireless isolation?Firewall rules or something else?Any hint?
Cheers

[chemlud]

wireless isolation is a feature in the settings of your wifi AP

[newman87]

Hm,I checked both settings for WiFI on Opnsense (Services>WIFI and Interfaces>WIFI) but I can't find "Wireless isolation" selection.Has this another name apart from "Wireless isolation"?Has this to do with " Allow intra-BSS communication" be unchecked?
Cheers

[lilsense]

short answer: no. long answer: no, because the talk directly, opnsense not involved (special case: wifi). get an additional interface and place devices to be separated in different subnets attached to different interfaces.

You would need a layer 2 firewall to achieve this. All traffic can be inspected. I am not sure if OPNSense is capable of Layer 2 firewall

[Stuzoo72]

Can you set up two LAN? Either using vlans or just two subnets on the same vlan (a bit uglier and not perfect, but do the job for you).

That way the two vlans would have to route between each other and so could use the Layer3 Opnsense FW.