Seperate vlan for IoT devices with no access to internet

Essentially, I want to create a VLAN which has no access to the internet but can communicate to devices on my LAN. The idea I have for the firewall configuration is:

Allow forward from src: LAN

Traffic rule:
Drop any traffic with a destination of WAN from IoT

and for example if one of the IoT devices had a web portal which it hosted I would do:
Protocol: TCP
src: IoT
src_port: 80
dest: LAN
dest_port: any
Action: accept

Is this generally a good way to go about something like this? Or is there another method which I should be using?

I had a look at some other posts but couldn't find quite the answer I was looking for! Thanks :slight_smile:

It depends on your personal preference, such as the level of paranoia, and the devices themselves, as some of them may require internet access to function properly.

Swap the source and destination and respective ports.

1 Like