What is the goal?
The goal is to set up basic firewall rules that stop networks from communicating with each other and, more importantly, stop IoT devices from talking to other devices. We want this because IoT devices are horrible for security: vendors either don't update them or don't update them often. If something has technology in it, it CAN AND WILL be hacked; it is a question of when, not if. So to stop other devices from being affected, just cut the IoT devices off from the rest of the network.
Rules
First, I am going to show you how to block inter-VLAN communication. This will stop VLANs from talking to each other. So if you have LAN1 and LAN2, devices on LAN1 cannot ping devices on LAN2 and vice versa.
- Go to Settings -> Security -> Traffic & Firewall Rules -> Simple
- Create a new entry
- Use these settings:
  - Name: Block inter-VLAN
  - Action: Block
  - Source: All Devices
  - Destination: Local Network Default
  - Traffic Direction: Both Directions
  - Schedule: Always
Options
Next, I will show you how to add exceptions to this rule. Do this on a per-device basis or, better yet, limit it to a specific port number. Repeat the first two steps above (open the Simple rules page and create a new entry), then:
- Use these settings:
  - Name: Give it a descriptive name so you can tell what it does at a glance
  - Action: Allow
  - Source: The device or network that should be allowed to talk to the destination
  - Destination: IP Address, set to the IP address of the device you want to be reachable
  - Schedule: Always
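As an added example (not part of the original guide), here is a small first-match policy evaluator in Python that models the Block rule from the Rules section and the Allow exception from the Options section on constructed networks, so you can check what the rule set decides for a given connection before trusting it on real traffic, and see why the Allow exception must be evaluated before the Block rule. The networks (192.168.1.0/24 as LAN1, 192.168.20.0/24 as the IoT VLAN), the PC at 192.168.1.10, the IoT hub at 192.168.20.50 and port 8123 are all assumed values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed example networks: LAN1 for trusted devices, LAN2 for IoT devices.
LOCAL_NETWORKS = [ip_network("192.168.1.0/24"), ip_network("192.168.20.0/24")]

@dataclass
class Rule:
    name: str
    action: str                  # "allow" or "block"
    src: str = "any"             # "any" (the page's All Devices) or an IP / network
    dst: str = "local"           # "local" (any local network) or an IP / network
    port: Optional[int] = None   # None = any destination port

def _selector_matches(selector, addr):
    if selector == "any":
        return True
    if selector == "local":
        return any(addr in net for net in LOCAL_NETWORKS)
    return addr in ip_network(selector, strict=False)

def evaluate(rules, src, dst, port):
    """Decide one new connection: first matching rule wins, unmatched traffic
    (e.g. to the internet) is allowed. Traffic inside a single VLAN is switched,
    not routed, so the firewall never sees it; return traffic of an allowed
    connection is assumed to be tracked statefully and is not modelled."""
    src, dst = ip_address(src), ip_address(dst)
    if any(src in net and dst in net for net in LOCAL_NETWORKS):
        return "allow"
    for rule in rules:
        if ((rule.port is None or rule.port == port)
                and _selector_matches(rule.src, src)
                and _selector_matches(rule.dst, dst)):
            return rule.action
    return "allow"

# The guide's two rules in the order the firewall must evaluate them:
# the narrow exception first, the broad block after it (assumed addresses).
RULES = [
    Rule("Allow PC to IoT hub", "allow", src="192.168.1.10", dst="192.168.20.50", port=8123),
    Rule("Block inter-VLAN", "block", src="any", dst="local"),
]

if __name__ == "__main__":
    for flow in [("192.168.1.10", "192.168.20.50", 8123), ("192.168.1.10", "192.168.20.50", 22),
                 ("192.168.20.50", "192.168.1.10", 8123), ("192.168.20.50", "203.0.113.7", 443)]:
        print(flow, "->", evaluate(RULES, *flow))
    # Put the block rule first and the exception is never reached:
    print("reversed:", evaluate(RULES[::-1], "192.168.1.10", "192.168.20.50", 8123))
```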
Conclusion
By implementing these firewall rules, you significantly improve your network security by isolating IoT devices and preventing unnecessary inter-VLAN communication. While the block rule stops all cross-network traffic by default, you can still create specific exceptions when needed using the Options section. This approach follows the principle of "least privilege": only the exact communications that are necessary are allowed, and everything else is blocked by default.
Remember: Security is about layers of protection, and network segmentation through proper firewall rules is an essential layer in protecting your devices from potential security breaches.