    I am new here and got some questions:

    1- I have a local network with two groups of users: Restricted and non-Restricted. For Restricted users I use an alias with a proper rules list and static DHCP mapping. My question is: is there a way to prevent those two groups from connecting to each other, with some exceptions? (I noticed they can connect with each other when the firewall was rebooting.)

    2- Can I prevent all users from connecting to the internet if they don't have their IP from the pfSense DHCP server?

    3- Can I use a virtual extra subnet for my LAN?

    That's it for now, thank you very much!

    Yes, put them on separate VLANs (or physical LANs if you have the hardware). It doesn't really matter which; just use whichever you have the hardware for.

    Then write firewall rules to pass and block/reject whatever traffic you want between them.

