I’m very new to pfSense. I’ve searched here but didn’t find an answer to my question.
I just set up a Netgate 2100 per the documentation, including a VLAN tagged 4084 for a guest Wi-Fi on Port 4 of the internal switch. I created the rules per the documentation and everything works great.
I then created another VLAN tagged 4083, with the same set of rules as the first, and put it on Port 3. This is patched to a switch that has a NAS and a PC. They connect to each other and the internet.
What I don’t understand is how to block devices on the default LAN from accessing my VLAN 4083 devices, the NAS and PC.
I’ve read the rules documentation repeatedly but I don’t get it, yet.
Get rid of your last rule, set the second to last rule to allow and set a reverse on the RFC1918 so it looks like !RFC1918.
Then your rule is saying allow everything that is NOT RFC1918.
EDIT:
Looking at the rest of your rules, they don’t look right. You don’t block or allow “This firewall”; you do this by the interface address or by the interface net. Look at this example.
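To make the first-match behaviour of the suggested rule set concrete, here is a small model written for this thread (it is not code from the thread or from pfSense itself). The LAN subnet, LAN interface address and VLAN 4083 subnet are assumed placeholders:

```python
# Added example, not from the thread: a minimal first-match evaluator for a
# pfSense-style LAN rule set. It shows why "pass to !RFC1918" plus the implicit
# default deny keeps LAN hosts out of the VLAN 4083 subnet while still letting
# them reach the internet. All subnets below are constructed placeholders.
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LAN_ADDRESS = "192.168.1.1"          # assumed LAN interface address (DNS/DHCP on the firewall)
VLAN4083_NET = "192.168.83.0/24"     # assumed VLAN 4083 subnet (NAS and PC)


@dataclass
class Rule:
    action: str           # "pass" or "block"
    dst: list             # networks making up the destination alias
    invert: bool = False  # the "not" checkbox: match when dst is NOT in the alias


def matches(rule: Rule, dst_ip: ipaddress.IPv4Address) -> bool:
    in_alias = any(dst_ip in net for net in rule.dst)
    return in_alias != rule.invert


def evaluate(rules: list, dst: str) -> str:
    """First matching rule wins, as on a pfSense interface tab.
    No match falls through to the implicit default deny."""
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if matches(rule, dst_ip):
            return rule.action
    return "block"


# The LAN rule set the answer describes:
#  1. pass to the LAN interface address (firewall DNS/DHCP keep working)
#  2. pass to anything that is NOT RFC1918 (the internet)
# There is no third rule: the default deny catches VLAN 4083, any other
# private subnet, and every other firewall interface address.
LAN_RULES = [
    Rule("pass", [ipaddress.ip_network(LAN_ADDRESS + "/32")]),
    Rule("pass", RFC1918, invert=True),
]
```

Try `evaluate(LAN_RULES, "192.168.83.20")` (a VLAN 4083 host) against `evaluate(LAN_RULES, "203.0.113.10")` (a public address) to see the two outcomes.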
I didn’t necessarily contradict the documentation. I accomplished the same result with fewer rules. “This Firewall” is an alias for all the interface IPs (i.e. WAN, LAN, OPT and so on). So I literally block that already in the RFC1918 alias with my last rule.