It has always been my understanding that until you add firewall rules to an interface allowing a specified type of traffic, all traffic on that interface is blocked. So what is the purpose of a BLOCK rule?
When a device is on my IoT network, I don't want it to have access to anything on any of the other VLANs (or the default LAN).
Following is a screenshot of the rules I have defined on my IoT Firewall.
It allows access to the DNS on the firewall and to use the gateway for internet access. But when I'm connected to this VLAN, I'm still able to access devices in the default LAN: 10.1.1.1 (the pfSense Router), 10.1.1.2 (the ProxMox machine that hosts pfSense and Home Assistant) and 10.1.1.3 (my managed switch). Shouldn't the fact that I haven't created a rule to allow that activity be enough to prevent it? I previously tried making a rule that blocks any traffic destined for any network other than IoT. If I put that at the top of the list, I couldn't access ANYTHING while connected to IoT -- internet or otherwise. If I put that rule at the bottom of the list, there was no change -- I could access anything including the default LAN.
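Added illustration, not part of the post: a small simulation of how pfSense evaluates interface rules top to bottom (first match wins, no match means the implicit default deny), using the LAN hosts named in the post. The IoT subnet 10.1.20.0/24, its gateway 10.1.20.1 and the exact shape of the rules are assumptions, including a rule whose destination is "any".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing: 10.1.1.x hosts are from the post; the IoT subnet,
# its gateway, and the RFC1918 alias are assumptions for illustration.
IOT = ipaddress.ip_network("10.1.20.0/24")
IOT_GW = ipaddress.ip_network("10.1.20.1/32")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    dst: object                 # "any" or a list of destination networks
    invert: bool = False        # like pfSense "Invert match" on destination
    proto: str = "any"
    port: Optional[int] = None

def rule_matches(rule, dst_ip, proto, port):
    if rule.proto != "any" and rule.proto != proto:
        return False
    if rule.port is not None and rule.port != port:
        return False
    if rule.dst == "any":
        return True
    in_dst = any(dst_ip in net for net in rule.dst)
    return in_dst != rule.invert

def evaluate(rules, dst, proto="tcp", port=443):
    """First matching rule decides; with no match the interface's default deny applies."""
    ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule_matches(rule, ip, proto, port):
            return rule.action
    return "block"

# Rules as the post describes them: DNS to the firewall, then a pass for internet
# whose destination is "any". "Any" also covers the LAN, so LAN hosts are reachable.
POSTED = [Rule("pass", [IOT_GW], proto="udp", port=53), Rule("pass", "any")]
# "Block anything not IoT" at the top: it matches internet destinations too.
BLOCK_TOP = [Rule("block", [IOT], invert=True)] + POSTED
# The same block at the bottom: the pass-to-any above it already matched.
BLOCK_BOTTOM = POSTED + [Rule("block", [IOT], invert=True)]
# Block only private ranges, placed above the pass-to-any: LAN blocked, internet open.
BLOCK_PRIVATE = [POSTED[0], Rule("block", RFC1918), POSTED[1]]
```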