Segregate devices on same VLAN in pfsense

Unfortunately my current mesh wifi system is not VLAN aware, so currently all my IOT devices share the wifi with other non-IOT things. Ideally I’d like to restrict the IOT to just internet access and not have access sideways to my other non-IOT devices. Obviously, as it is all one VLAN, firewall rules don’t really work (unless I’m missing something). I thought about segmenting the VLAN using subnets but I can’t figure out the configuration to still have all devices accessible to the WWW but not across subnet segments.

Appreciate thoughts and help please.

You need separate network subnets for this to work. If you don’t have a switch / access point that supports VLANs then you will need an additional access point or switch.
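To make the reasoning in the answer concrete, here is an added example (not from the thread or from pfSense) that models when traffic between two hosts actually reaches the pfSense filter. The subnet numbering is constructed for illustration; substitute your own.

```python
import ipaddress

# Constructed subnets for illustration only; replace with your own numbering.
SUBNETS = [
    ipaddress.ip_network("192.168.1.0/24"),  # existing LAN
    ipaddress.ip_network("192.168.2.0/24"),  # planned IoT subnet
]


def subnet_of(host: str) -> ipaddress.IPv4Network:
    """Return the configured subnet that contains `host`."""
    addr = ipaddress.ip_address(host)
    for net in SUBNETS:
        if addr in net:
            return net
    raise ValueError(f"{host} is not in any configured subnet")


def path_analysis(src: str, dst: str, shared_vlan: bool) -> dict:
    """Decide whether src -> dst traffic is filtered by pfSense and whether
    that filtering can actually be enforced.

    shared_vlan: True when both subnets sit on one VLAN / broadcast domain
    (the situation in the question: a non-VLAN-aware mesh wifi).
    """
    src_net, dst_net = subnet_of(src), subnet_of(dst)
    if src_net == dst_net:
        # Same subnet: the sender ARPs for the destination and the switch or
        # access point forwards the frame directly. pfSense never sees it, so
        # no interface rule can block it.
        return {"via_gateway": False, "rules_apply": False, "enforceable": False}
    # Different subnets: the sender hands the packet to its gateway, so the
    # LAN / IoT interface rules are evaluated on pfSense.
    # If both subnets still share one VLAN, any host can add an address from
    # the other subnet (or a static route) and talk at layer 2 again, so the
    # block is only advisory. Separate VLANs (or separate APs) close that gap.
    return {"via_gateway": True, "rules_apply": True, "enforceable": not shared_vlan}
```

Running `path_analysis("192.168.1.10", "192.168.2.20", shared_vlan=True)` reports that rules apply but are not enforceable, which is the answer's point: separate subnets are necessary, and VLAN-capable hardware is what makes the separation hold.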