Firewall rule for Hotspot network
I have here three networks (LAN, WLAN, HOTSPOT) and three internet
connections (WAN1, WAN2, WAN3).
On the HOTSPOT network the captive portal runs.
Now, I would like to have: no connection from the HOTSPOT network to
any other local/VPN network and all internet connections over WAN3.
So I add a firewall rule with "!destination LAN WLAN and VPN networks"
and gateway of WAN3.
It works, but is there a better way to handle that, since I must
add every new local/VPN network to the rule?
Make an alias that contains all your local networks
Then, on the hotspot interface rules:
Block from Hotspot to Local_Nets
Pass from Hotspot to *, gateway WAN3
You could just do:
Pass from Hotspot to !Local_Nets, gateway WAN3
However I would recommend against that from a readability standpoint. Unless you have thousands of rules and are looking to simplify the ruleset, the readability/understandability of the two separate block/pass rules is much higher.
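To make the difference between the two rule layouts concrete, here is an added Python model of the hotspot ruleset described in the answer above; it is example code written for this page, not configuration from the forum or from pfSense itself. It assumes first-match evaluation of interface rules (the behaviour of pfSense "quick" rules) and a default deny when nothing matches; the network ranges and the alias name `Local_Nets` are constructed for the example. It shows that the block/pass pair and the single `!Local_Nets` pass rule give identical decisions, and that a VPN network only becomes unreachable from the hotspot once it is added to the alias.

```python
"""Model of the hotspot ruleset: an alias of local networks plus
per-interface rules evaluated first-match, default deny at the end."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed alias contents (example values, not the original poster's networks).
ALIASES = {
    "Local_Nets": {
        "LAN": ip_network("192.168.1.0/24"),
        "WLAN": ip_network("192.168.2.0/24"),
    }
}


@dataclass
class Rule:
    action: str                   # "block" or "pass"
    dst_alias: Optional[str]      # alias name, or None for "*" (any destination)
    negate_dst: bool = False      # True models "!Local_Nets"
    gateway: Optional[str] = None  # policy-routing gateway, e.g. "WAN3"


def dst_matches(rule, dst, aliases):
    """Does the rule's destination field match this address?"""
    if rule.dst_alias is None:
        in_alias = True
    else:
        in_alias = any(dst in net for net in aliases[rule.dst_alias].values())
    return (not in_alias) if rule.negate_dst else in_alias


def evaluate(rules, dst, aliases):
    """Return (action, gateway) of the first matching rule; default deny otherwise."""
    addr = ip_address(dst)
    for rule in rules:
        if dst_matches(rule, addr, aliases):
            return rule.action, rule.gateway
    return "block", None


# Layout recommended in the answer: explicit block, then a catch-all pass via WAN3.
TWO_RULE = [
    Rule("block", "Local_Nets"),
    Rule("pass", None, gateway="WAN3"),
]

# Compact alternative: a single pass rule with a negated destination.
ONE_RULE = [
    Rule("pass", "Local_Nets", negate_dst=True, gateway="WAN3"),
]


def add_local_net(aliases, name, cidr):
    """Return a copy of the alias table with one more network in Local_Nets."""
    new = {k: dict(v) for k, v in aliases.items()}
    new["Local_Nets"][name] = ip_network(cidr)
    return new


def rulesets_agree(samples, aliases):
    """True if both layouts reach the same decision for every sample destination."""
    return all(evaluate(TWO_RULE, d, aliases) == evaluate(ONE_RULE, d, aliases)
               for d in samples)


if __name__ == "__main__":
    samples = ["192.168.1.10", "192.168.2.1", "203.0.113.5", "10.8.0.5"]
    for d in samples:
        print(d, evaluate(TWO_RULE, d, ALIASES))
    # A constructed VPN range is reachable until it is added to the alias.
    with_vpn = add_local_net(ALIASES, "VPN", "10.8.0.0/24")
    print("10.8.0.5 after adding VPN to alias:", evaluate(TWO_RULE, "10.8.0.5", with_vpn))
    print("layouts agree:", rulesets_agree(samples, with_vpn))
```

The point of `add_local_net` is the maintenance benefit from the answer: the rules never change, only the alias does, and a forgotten entry shows up as a reachable destination in this kind of check rather than as a surprise later.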