Help needed with firewall rules to BLOCK Internet

Started by kmavrov, November 14, 2024, 09:36:35 AM

So I have a NoT VLAN (for local-only IoT devices that I don't want to communicate with anything, except my Home Assistant instance).

So far I have managed to block traffic to other networks and allow access only to Home Assistant.
I have also managed to somewhat block Internet access:
ping google.com does not provide any results, which is fine.
But at the same time:
ping 216.58.213.110 does return results, which is not fine because the things I want to block try to communicate with IPs directly, not domains.

Here is a screenshot of my current rules so far:


November 14, 2024, 09:45:49 AM #1 Last Edit: November 14, 2024, 11:31:28 AM by dseven
The last (bottom) rule allows NoT net to "any", which includes the whole internet. You probably want to delete (or at least disable) that rule.


And then, if you don't have other rules below the RFC1918 rule, that rule is effectively useless.
Its only value would be to generate a log entry if you disabled logging of the default block rule.

You could tighten the timeserver rule (protocol-UDP and port-NTP). That's standard.
Ditto for HA. They likely document that...
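To make the reply's reasoning concrete, here is an added example (not from either poster, and not OPNsense code) that models the NoT interface ruleset as a first-match, default-deny rule list and shows three things: why the bottom "allow NoT to any" rule lets ping to 216.58.213.110 through, why the RFC1918 block rule becomes redundant once nothing permissive sits below it, and what tightening the timeserver rule to UDP/123 changes. All addresses except 216.58.213.110 (the NoT subnet, the Home Assistant host, the time server) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed addresses for the example (assumptions, not from the thread),
# except PUBLIC_IP, which is the address pinged in the original post.
NOT_NET = ipaddress.ip_network("192.168.50.0/24")   # assumed NoT VLAN
HA_HOST = ipaddress.ip_address("192.168.10.5")      # assumed Home Assistant host
NTP_HOST = ipaddress.ip_address("192.168.10.1")     # assumed local time server
PUBLIC_IP = ipaddress.ip_address("216.58.213.110")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "icmp", "udp" or "tcp"
    dport: Optional[int] = None


@dataclass
class Rule:
    name: str
    action: str                 # "pass" or "block"
    match: Callable[[Packet], bool]


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def from_not(pkt: Packet) -> bool:
    return ipaddress.ip_address(pkt.src) in NOT_NET


# Rules in interface order. First match wins (OPNsense rules are "quick" by
# default) and anything unmatched hits the implicit default block.
# Note the HA allow must sit above the RFC1918 block, since HA is itself private.
allow_ha = Rule("allow NoT -> Home Assistant", "pass",
                lambda p: from_not(p) and ipaddress.ip_address(p.dst) == HA_HOST)
allow_ntp_loose = Rule("allow NoT -> timeserver (any proto/port)", "pass",
                       lambda p: from_not(p) and ipaddress.ip_address(p.dst) == NTP_HOST)
allow_ntp_tight = Rule("allow NoT -> timeserver udp/123", "pass",
                       lambda p: from_not(p) and ipaddress.ip_address(p.dst) == NTP_HOST
                       and p.proto == "udp" and p.dport == 123)
block_rfc1918 = Rule("block NoT -> RFC1918", "block",
                     lambda p: from_not(p) and is_rfc1918(p.dst))
allow_any = Rule("allow NoT -> any", "pass", from_not)


def evaluate(rules, pkt: Packet):
    """Return (action, rule name) of the first matching rule; default deny otherwise."""
    for rule in rules:
        if rule.match(pkt):
            return rule.action, rule.name
    return "block", "default deny"


# The ruleset as described in the thread, and the ruleset after the suggested fix.
ORIGINAL = [allow_ha, allow_ntp_loose, block_rfc1918, allow_any]
FIXED = [allow_ha, allow_ntp_tight, block_rfc1918]


def ping_public(rules):
    """Verdict for an ICMP echo from a NoT device to the public IP from the post."""
    return evaluate(rules, Packet("192.168.50.20", str(PUBLIC_IP), "icmp"))


def rfc1918_rule_redundant(rules) -> bool:
    """True if removing the RFC1918 block changes no verdict for private destinations."""
    without = [r for r in rules if r is not block_rfc1918]
    samples = [Packet("192.168.50.20", d, "tcp", 80)
               for d in ("10.1.2.3", "172.16.9.9", "192.168.10.50")]
    return all(evaluate(rules, p)[0] == evaluate(without, p)[0] for p in samples)


if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, "ping 216.58.213.110 ->", ping_public(rules))
        print(label, "RFC1918 rule redundant ->", rfc1918_rule_redundant(rules))
```

Running it shows the original list passing the ping via "allow NoT -> any" and the fixed list dropping it at the default deny; with the bottom rule gone, the RFC1918 block only duplicates the default block (which is the "only value is a log entry" point in the reply), and a TCP connection to the time server on port 123 is no longer permitted once the rule is narrowed to UDP/123.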