[SOLVED] Block IoT Devices from Internet, but allow on OpenVPN Clients

Started by bawitdaba, September 09, 2025, 08:06:31 AM

September 09, 2025, 08:06:31 AM Last Edit: September 10, 2025, 10:32:27 AM by bawitdaba Reason: Problem Solved
Hello

I'm brand new to OPNsense; I've just migrated from pfSense and I'm having a very hard time understanding these firewall rules.

I want to block my IoT devices (firewall alias, single host for testing at the moment) from accessing the Internet (I was able to set up a !inverse block rule on LAN to do this), but I can't seem to figure out how to allow the IoT devices access to/from OpenVPN clients.

I feel like I've tried every rule possible, and I'm clearly missing something. I've done a fair amount of searching and I didn't find any posts with this issue.

Any suggestions?

/edit/

I was able to solve this by adding an alias for RFC 1918 Private Networks with the following networks and updating the inverse destination to that alias.
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

One of the IoT devices I was testing with was an IP Camera, and the app I was using wasn't properly configured and was trying to access the WAN IP, which was preventing this from working.

Here is the working rule
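An added example (not from the post or from OPNsense) that simulates the rule described above: a LAN rule that blocks the IoT alias to any destination that is not in the RFC 1918 alias, with everything else falling through to the default allow. The IoT host, the OpenVPN tunnel subnet (10.8.0.0/24) and the WAN address are constructed sample values; the WAN case shows why the mis-configured camera app was blocked.

```python
"""Simulate the OPNsense LAN rule from the post: block traffic from the IoT
alias to any destination that is NOT an RFC 1918 address (inverted destination).
IoT devices keep reaching LAN hosts and OpenVPN clients (both private ranges)
but cannot reach the Internet, including the site's own public WAN IP."""
import ipaddress

# RFC 1918 alias exactly as listed in the post
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample values (not from the post)
IOT_ALIAS = [ipaddress.ip_address("192.168.1.50")]      # the test IP camera
OPENVPN_CLIENT = "10.8.0.6"                             # assumed tunnel subnet 10.8.0.0/24
WAN_IP = "203.0.113.10"                                 # documentation-range stand-in for the public WAN IP


def in_alias(addr: ipaddress.IPv4Address, networks) -> bool:
    """True if addr falls inside any network of the alias."""
    return any(addr in net for net in networks)


def rule_action(src: str, dst: str) -> str:
    """Evaluate a LAN-inbound packet against the post's rule set:
       1. block  source = IoT alias, destination = !RFC1918 (inverted match)
       2. pass   everything else (default LAN allow rule)"""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in IOT_ALIAS and not in_alias(d, RFC1918):
        return "block"
    return "pass"


def evaluate_cases() -> dict:
    """Run the scenarios from the thread and return {label: action}."""
    cam = "192.168.1.50"
    return {
        "camera -> Internet (8.8.8.8)":     rule_action(cam, "8.8.8.8"),
        "camera -> OpenVPN client":         rule_action(cam, OPENVPN_CLIENT),
        "camera -> LAN host":               rule_action(cam, "192.168.1.20"),
        "camera -> own WAN IP (app bug)":   rule_action(cam, WAN_IP),
        "laptop -> Internet (not in alias)": rule_action("192.168.1.20", "8.8.8.8"),
    }


if __name__ == "__main__":
    for label, action in evaluate_cases().items():
        print(f"{label:36s} {action}")
```

The "own WAN IP" row is the case the camera app tripped over: the public address is not in the RFC 1918 alias, so the inverted-destination rule blocks it even though the camera itself is on the LAN.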