I would like to BLOCK a device from accessing other devices on my VLAN (CARROT_VLAN 192.168.200.0/24), i.e. device 192.168.200.200 from accessing multiple devices 192.168.200.200-192.168.252. My motivation is…
To limit one device from accessing another on the same subnet.
To bring my Sonos speakers over from Sonos_VLAN to CARROT_VLAN, limiting their access to only Sonos devices and the internet while still allowing my Apple TV to see the speakers. …I had an issue with Sonos and while on phone support, without my permission the Sonos tech was able to see all the devices on my network and see my wifi setup.
To limit my smart light switches (192.168.200.50-192.168.200.60) from seeing any other devices on CARROT_VLAN.
I originally isolated devices to their own VLANs and tried to use firewall rules to bridge access. This did not work for mDNS/Bonjour. …From what I read I need a Linux computer running avahi-daemon.
Can I keep the devices VLAN-isolated and use multicast routing for mDNS, Bonjour and HomeKit?
I considered using an address list via DHCP, adding devices to a "TOY" address list and a "Secure" address list, then creating a firewall rule blocking TOY from Secure:
chain=forward action=drop src-address-list=Test dst-address-list=Secure log=no log-prefix=""
chain=output action=drop src-address-list=Test dst-address-list=Secure log=no log-prefix=""
or
chain=forward action=drop src-address-list=Test dst-address-list=Secure in-interface=APPLE_VLAN log=no log-prefix=""
chain=output action=drop src-address-list=Test dst-address-list=Secure out-interface=APPLE_VLAN log=no log-prefix=""
I considered subnetting the devices, but I cannot figure out how to do this.
I am hoping to keep my IoT devices contained but still accessible.
I would still like to be able to access these devices via mDNS, Bonjour, etc.
Does anyone have any suggestion?
RB5009_092724.rsc (38.4 KB)
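The address-list approach from the post, written out as a RouterOS script. This is an added example, not part of the original post or of the attached RB5009_092724.rsc; every IP address, MAC address, DHCP server name, interface-list name and comment in it is a constructed placeholder. It keeps the post's VLAN names (CARROT_VLAN, Sonos_VLAN, APPLE_VLAN) and list names (TOY, Secure). The mDNS repeater setting at the end assumes a RouterOS 7.16 or newer build and the parameter name is given from memory; check `/ip dns print` before relying on it.

```routeros
# Added example (not from the original post). All addresses, MACs and
# names are constructed placeholders.

# 1. Classify devices. Static entries, or attach the list to the DHCP
#    reservation so the entry is created whenever the lease is bound.
/ip firewall address-list
add list=TOY    address=192.168.200.200 comment="Sonos speaker (constructed)"
add list=TOY    address=192.168.200.50-192.168.200.60 comment="smart light switches"
add list=Secure address=192.168.200.10 comment="laptop / NAS (constructed)"

/ip dhcp-server lease
add server=dhcp-carrot mac-address=00:11:22:33:44:55 \
    address=192.168.200.201 address-lists=TOY comment="Sonos #2 (constructed MAC)"

# 2. Filter. 'forward' only sees packets the router ROUTES between
#    subnets/VLANs; 'input' sees packets addressed to the router itself.
#    ('output' is traffic the router originates, so a client address can
#    never be its src-address.)
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="replies to already-permitted sessions"
add chain=forward src-address-list=TOY dst-address-list=Secure action=drop \
    log=yes log-prefix="TOY>Secure" comment="IoT may not reach trusted hosts"
add chain=forward in-interface=APPLE_VLAN dst-address-list=TOY action=accept \
    comment="Apple TV may open sessions to the speakers (AirPlay etc.)"
add chain=forward src-address-list=TOY out-interface-list=WAN action=accept \
    comment="IoT to internet (assumes a WAN interface list)"
add chain=forward src-address-list=TOY action=drop log=yes log-prefix="TOY>other"

add chain=input src-address-list=TOY protocol=udp dst-port=53,67 action=accept \
    comment="IoT still needs DNS and DHCP from the router"
add chain=input src-address-list=TOY action=drop log=yes log-prefix="TOY>router"

# 3. Service discovery across VLANs without a separate avahi host.
#    Assumption: RouterOS 7.16+ built-in mDNS repeater; verify the name.
/ip dns
set mdns-repeat-ifaces=CARROT_VLAN,Sonos_VLAN,APPLE_VLAN
```

Two caveats worth keeping in mind with this layout. First, the `forward` chain only applies to traffic the router routes, so it can only separate hosts that sit in different VLANs/subnets; two hosts inside 192.168.200.0/24 exchange frames directly at layer 2 and the IP firewall never sees them. If the goal is to keep TOY devices away from Secure devices, they need to stay in separate VLANs (the topology the post started with) rather than share CARROT_VLAN. Second, the mDNS repeater only relays the discovery packets; the unicast session that follows (Apple TV to speaker) still has to be permitted in `forward`, which is what the APPLE_VLAN -> TOY accept rule plus the established,related rule do. Enabling `log=yes` on the drop rules, as above, gives a quick way to confirm from the log which rule a blocked device is actually hitting.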