this post was submitted on 24 Sep 2023
12 points (83.3% liked)

Selfhosted

39282 readers
225 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
12
OPNSense vlan client firewall rules help (lemmy.world)
submitted 1 year ago by [email protected] to c/[email protected]
5 comments fedilink hide all child comments
 

Hey guys, since early this year i've started self hosting. I started by setting up my own router. Its been nice so far. Although I've recently ran into a problem. Perhaps someone with more experience can point me in the right direction. In an attempt to prevent vlan client from accessing the internet, restricting them to only reserved addresses im coming up short. I've been able to do perform this for clients not using a vlan but when i apply the rule to a single vlan client, it appears to break the network. Any help would be much appreciated. --Cheers!!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

I think you should provide more information about the rule you created.

[–] [email protected] 1 points 1 year ago (1 children)

Deny everything, Permit only private address range, specifically the subnet the device is on.

[–] [email protected] 2 points 1 year ago

A firewall usually reads the rules from top to bottom and applies the first match. So when your first rule is deny everything , it will deny literally anything before the second rule will be applied.

Your deny rule should always be at the end.