Proper Destination for Internet?
-
If I have a VLAN that I only want to have access to the internet, what's the best practice?
Right now, I have this particular VLAN set up to block access to log in to the system and block access from other VLANs; said VLANs are configured to not have access to this VLAN.
Would I just mark the destination as any or select one WAN net?
I hate asking this question; I do have a basic understanding of the system, I just want to better understand.
-
@creationguy It's a matter of putting the rules in order. Something like:
VLAN interface:
allow from VLAN Net to pfSense for DNS (53, TCP+UDP)
block from VLAN Net to pfSense (this firewall)
block from VLAN Net to LAN Net
allow from VLAN Net to any

LAN interface:
block from LAN Net to VLAN Net
allow from LAN Net to any

"WAN Net" is the network of the WAN IP address, probably local to the router and its gateway.
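An added example, not part of any post in this thread: a small Python model of top-down, first-match rule evaluation applied to the VLAN rule order listed above, compared with the same rules misordered and with "WAN Net" as the final destination. All addresses and names are constructed for illustration, and the evaluator is a simplification, not pfSense code.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
VLAN_NET = ipaddress.ip_network("192.168.90.0/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
WAN_NET = ipaddress.ip_network("198.51.100.0/24")  # subnet of the WAN IP only
FIREWALL = {ipaddress.ip_address(a) for a in ("192.168.90.1", "192.168.1.1")}

def in_net(net):
    return lambda ip: ip in net

def is_firewall(ip):
    return ip in FIREWALL

def anywhere(ip):
    return True

# (action, source match, destination match, protocols or None, port or None)
VLAN_RULES = [
    ("allow", in_net(VLAN_NET), is_firewall, {"tcp", "udp"}, 53),
    ("block", in_net(VLAN_NET), is_firewall, None, None),
    ("block", in_net(VLAN_NET), in_net(LAN_NET), None, None),
    ("allow", in_net(VLAN_NET), anywhere, None, None),
]
# Broad allow moved to the top: it shadows every block rule below it.
MISORDERED = [VLAN_RULES[3]] + VLAN_RULES[:3]
# Final allow limited to "WAN Net": only the WAN subnet is reachable.
WAN_NET_ONLY = VLAN_RULES[:3] + [("allow", in_net(VLAN_NET), in_net(WAN_NET), None, None)]

def evaluate(rules, src, dst, proto, port):
    """Return the action of the first matching rule; block if none match."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_ok, dst_ok, protos, rule_port in rules:
        if not (src_ok(src) and dst_ok(dst)):
            continue
        if protos is not None and proto not in protos:
            continue
        if rule_port is not None and port != rule_port:
            continue
        return action
    return "block"

CAMERA = "192.168.90.20"  # constructed host on the isolated VLAN
PROBES = [("192.168.90.1", "udp", 53), ("192.168.90.1", "tcp", 443),
          ("192.168.1.10", "tcp", 445), ("203.0.113.5", "tcp", 443)]

if __name__ == "__main__":
    for name, rules in [("ordered", VLAN_RULES), ("misordered", MISORDERED),
                        ("wan-net-only", WAN_NET_ONLY)]:
        for dst, proto, port in PROBES:
            print(name, dst, proto, port, evaluate(rules, CAMERA, dst, proto, port))
```
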
-
@steveits
OK, I was on the right track then. I made a rule that I can toggle on to allow the NVR to pull in an update and then shut it right off.
90 Net blocks is just an alias that 90 (camlan vlan) can't access.
-
Here are my rules for my guest WiFi. They allow only access to the Internet and also pinging the interface it's connected to.