Rules violated?

I have 4 VLANs. One of them is called IoT. Here’s a screenshot of the FW rules for this VLAN.

The intention is to allow Internet access for the IoT devices and to allow them to communicate with other devices on the same network.

The final rule says to BLOCK anything that is NOT destined for the IoT network. The phone that I’m using to access pfSense is in the IoT network. pfSense is NOT in the IoT network.

What would cause this?

The order of your rules matters. The first rule that matches from top to bottom is the one that gets used, so your blocking rules need to be on the top of the order. Also I think your blocking rule is incorrect. I think you need to create a blocking rule from each VLAN to the IoT network.

  • Before posting, I tried moving it to the top of the list. When I did that, I was no longer able to access 10.1.1.1 – good. But I was also no longer able to access the Internet.

  • This morning, I started to wonder why I even need a blocking rule. I was under the impression that EVERYTHING is blocked until it encounters a rule to ALLOW the communication. If I have a rule allowing access to the DNS server and one allowing access to the gateway, why is another rule needed for blocking everything outside of IoT?
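As an added illustration of the first-match behaviour discussed in the reply and the two comments above (example code, not from the thread or from pfSense): a small Python model that evaluates a destination address against an ordered rule list with an implicit default deny at the end. The IoT and other VLAN ranges, the addresses, and the assumption that the "allow Internet" rule is a plain pass-to-any are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumption, not from the thread)
IOT_NET = ipaddress.ip_network("10.1.10.0/24")        # the IoT VLAN
OTHER_VLANS = [ipaddress.ip_network("10.1.1.0/24"),   # VLAN holding pfSense at 10.1.1.1
               ipaddress.ip_network("10.1.20.0/24")]  # another internal VLAN


@dataclass
class Rule:
    action: str          # "pass" or "block"
    dst: object          # "any", one ip_network, or a list of ip_networks
    negate: bool = False  # destination inverted: matches when dst is NOT in `dst`

    def matches(self, ip):
        if self.dst == "any":
            hit = True
        elif isinstance(self.dst, list):
            hit = any(ip in net for net in self.dst)
        else:
            hit = ip in self.dst
        return hit != self.negate   # XOR applies the "not" inversion


def evaluate(rules, dst):
    """First matching rule wins; with no match the traffic is blocked (default deny)."""
    ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(ip):
            return rule.action
    return "block"


PHONE_TO_PFSENSE = "10.1.1.1"
PHONE_TO_INTERNET = "1.1.1.1"   # constructed public address
PHONE_TO_IOT_PEER = "10.1.10.50"

# Rule order as posted: pass-to-any first, "block if destination is NOT IoT" last.
# The pass-to-any matches 10.1.1.1 before the block rule is ever reached.
posted = [Rule("pass", "any"), Rule("block", IOT_NET, negate=True)]

# Block rule moved to the top: 1.1.1.1 is also "not IoT", so Internet is blocked too.
moved = [Rule("block", IOT_NET, negate=True), Rule("pass", "any")]

# Block the other internal VLANs first, then pass everything else (Internet and IoT peers).
fixed = [Rule("block", OTHER_VLANS), Rule("pass", "any")]

# Only a pass rule for IoT itself and no pass-to-any: the implicit deny blocks
# everything else, including the Internet, which is why a pass-to-any is usually present.
implicit_only = [Rule("pass", IOT_NET)]
```

Running `evaluate` over the three destinations with each list reproduces the behaviour described in the thread: the posted order lets the phone reach 10.1.1.1, the moved order cuts off the Internet, and blocking the other internal ranges before the pass-to-any gives the intended result.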

To help you, here are my rules