

When looking up information on how to write firewall rules in OPNsense, you may be looking for specific examples on how to block or allow certain types of network traffic rather than how to write firewall rules in general. This is especially true once you become more experienced and comfortable with writing rules. I thought it would be a good idea to consolidate a variety of scenarios into a single how-to that could be used as a quick reference guide.

It is worth noting that any IP addresses used in the examples could be substituted with aliases. If you plan to create several rules for a particular device or want to combine multiple IP/network addresses into a single rule, you may want to use aliases. Aliases allow for multiple values and you can quickly change the values for several rules at the same time. It also helps make the rules more readable since you do not have to remember that 192.168.10.10 is your laptop, PC, Raspberry Pi, etc.

To add new firewall rules for your various network interfaces, go to the “Firewall > Rules” page. You will see a list of interfaces in which you may add firewall rules.

LAN/VLAN Rules

By default, the LAN network in OPNsense has anti-lockout rules (to prevent you from locking yourself out of the web interface) and an “allow any” rule which allows access to all local and remote networks. When you create a new VLAN or a network on another physical interface, access to all other networks is blocked by default since there are no firewall rules defined for the new network (besides hidden auto-generated ones required for DHCP to function, for instance).
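The defaults and alias behaviour described on this page can be seen in a small model. This is an added example, not code from OPNsense or from the original guide: it simplifies rule evaluation to first match on source and destination address only, and the alias name `Laptops`, the interface names and every subnet other than 192.168.10.10 are assumptions.

```python
import ipaddress

# Constructed sample data: alias, interface names and subnets are assumptions.
ALIASES = {"Laptops": ["192.168.10.10"]}

# Rules per interface, checked top-down on the interface the traffic enters.
RULES = {
    "LAN": [{"action": "pass", "src": "any", "dst": "any"}],  # default "allow any"
    "VLAN10": [
        {"action": "pass", "src": "Laptops", "dst": "192.168.1.0/24"},
        {"action": "pass", "src": "Laptops", "dst": "192.168.30.5"},
    ],
    "VLAN20": [],  # newly created VLAN, no user rules yet
}


def expand(value, aliases):
    """Resolve 'any', an alias name, or a literal address/network to networks."""
    if value == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    entries = aliases.get(value, [value])
    return [ipaddress.ip_network(e) for e in entries]


def matches(addr, value, aliases):
    """True if addr falls inside any network that value resolves to."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in expand(value, aliases))


def evaluate(iface, src, dst, rules=RULES, aliases=ALIASES):
    """Return the action of the first matching rule, or 'block' if none match."""
    for rule in rules.get(iface, []):
        if matches(src, rule["src"], aliases) and matches(dst, rule["dst"], aliases):
            return rule["action"]
    return "block"  # no rule matched: traffic is blocked


if __name__ == "__main__":
    print(evaluate("LAN", "192.168.1.50", "192.168.10.10"))     # pass
    print(evaluate("VLAN20", "192.168.20.5", "192.168.1.1"))    # block
    print(evaluate("VLAN10", "192.168.10.11", "192.168.1.20"))  # block
    # Adding one address to the alias updates both VLAN10 rules at once.
    wider = {"Laptops": ["192.168.10.10", "192.168.10.11"]}
    print(evaluate("VLAN10", "192.168.10.11", "192.168.1.20", aliases=wider))  # pass
```

The model leaves out ports, protocols, floating rules and the auto-generated rules the page mentions, so it only illustrates rule order, the empty-ruleset default and alias expansion.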
