Author Topic: Help needed with firewall rules to BLOCK Internet (Read 152 times)

kmavrov · « **on:** November 14, 2024, 09:36:35 am »

So i have a NoT VLAN (for local only IoT devices that i don't want to communicate with anything, except my Home Assistant instance).

So far i have managed to block traffic to other networks and allow access only to Home Assistant.
I have also managed to somewhat block Internet access:
ping google.com does not provide any results which is fine.
But int the same time:
ping 216.58.213.110 does return results - which is not fine because the things i want to block try to communicate with IPs directly, not domains.

Here is a screenshot of my current rules so far:

dseven · « **Reply #1 on:** November 14, 2024, 09:45:49 am »

The last (bottom) rule allows NoT net to "any", which includes the whole internet. You probably want to delete (or at least disable) that rule.

kmavrov · « **Reply #2 on:** November 14, 2024, 11:24:17 am »

Oh, that was it. Thank you!

EricPerl · « **Reply #3 on:** November 15, 2024, 09:55:12 pm »

And then, if you don't have other rules below the RFC1918 rule, that rule is effectively useless.
Its only value would be to generate a log entry if you disabled logging of the default block rule.

You could tighten the timeserver rule (protocol-UDP and port-NTP). That's standard.
Ditto for HA. They likely document that...

Author Topic: Help needed with firewall rules to BLOCK Internet (Read 152 times)

kmavrov

Help needed with firewall rules to BLOCK Internet

dseven

Re: Help needed with firewall rules to BLOCK Internet

kmavrov

Re: Help needed with firewall rules to BLOCK Internet

EricPerl

Re: Help needed with firewall rules to BLOCK Internet