Separate VLAN for IoT devices with no access to internet

Essentially, I want to create a VLAN which has no access to the internet but can communicate with devices on my LAN. The idea I have for the firewall configuration is:

IoT:
Allow forward from src: LAN

Traffic rule:
Drop any traffic with a destination of WAN from IoT

and, for example, if one of the IoT devices hosted a web portal I would do:
Protocol: TCP
src: IoT
src_port: 80
dest: LAN
dest_port: any
Action: accept

Is this generally a good way to go about something like this? Or is there another method which I should be using?

I had a look at some other posts but couldn't find quite the answer I was looking for! Thanks :)

It depends on your personal preference, such as the level of paranoia, and the devices themselves, as some of them may require internet access to function properly.

Swap the source and destination and respective ports.

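To make the "swap the source and destination" reply concrete, here is an added example that is not from the original post or from any router firmware. It is a small Python model of a stateful, zone-based firewall laid out the way the question describes (zones, a zone forwarding, explicit traffic rules, and connection tracking), and it evaluates the web-portal rule as posted against the swapped version. The zone names, the evaluation order (established/related first, then traffic rules, then zone forwardings, then a default drop) and the simplified conntrack key are assumptions of the model, chosen to mirror how common stateful firewalls behave.

```python
"""Toy model of a stateful, zone-based firewall to compare two traffic rules.

Assumed evaluation order (an assumption of this model, not taken from the post):
  1. packets belonging to an already tracked connection are accepted,
  2. explicit traffic rules are checked, first match wins,
  3. zone forwardings are checked,
  4. otherwise the packet is dropped.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    proto: str
    src_port: int
    dst_port: int


@dataclass
class Rule:
    src: str
    dest: str
    target: str                      # "ACCEPT" or "DROP"
    proto: str = "any"
    src_port: Optional[int] = None   # None means "any"
    dest_port: Optional[int] = None  # None means "any"

    def matches(self, p: Packet) -> bool:
        return (self.src == p.src_zone and self.dest == p.dst_zone
                and self.proto in ("any", p.proto)
                and (self.src_port is None or self.src_port == p.src_port)
                and (self.dest_port is None or self.dest_port == p.dst_port))


@dataclass
class Firewall:
    forwardings: set            # allowed (src_zone, dest_zone) pairs
    rules: list                 # Rule objects, evaluated in order
    conntrack: set = field(default_factory=set)

    def forward(self, p: Packet) -> str:
        # Connection tracking: replies of an accepted flow need no rule of their own.
        flow = (p.src_zone, p.src_port, p.dst_zone, p.dst_port, p.proto)
        reverse = (p.dst_zone, p.dst_port, p.src_zone, p.src_port, p.proto)
        if flow in self.conntrack or reverse in self.conntrack:
            return "ACCEPT"
        for r in self.rules:
            if r.matches(p):
                if r.target == "ACCEPT":
                    self.conntrack.add(flow)
                return r.target
        if (p.src_zone, p.dst_zone) in self.forwardings:
            self.conntrack.add(flow)
            return "ACCEPT"
        return "DROP"


# The web-portal rule exactly as posted: src IoT, src_port 80, dest LAN, any dest_port.
ORIGINAL = Rule(src="iot", dest="lan", target="ACCEPT", proto="tcp", src_port=80)
# The swapped version from the reply: src LAN, dest IoT, dest_port 80.
CORRECTED = Rule(src="lan", dest="iot", target="ACCEPT", proto="tcp", dest_port=80)


def build(web_rule: Rule) -> Firewall:
    """LAN may forward to IoT; IoT to WAN is dropped; plus the rule under test."""
    return Firewall(forwardings={("lan", "iot")},
                    rules=[Rule(src="iot", dest="wan", target="DROP"), web_rule])


def scenario(web_rule: Rule) -> dict:
    """Constructed traffic: a browser on LAN, the portal's reply, and two IoT-initiated attempts."""
    fw = build(web_rule)
    return {
        "lan_to_portal": fw.forward(Packet("lan", "iot", "tcp", 51000, 80)),
        "portal_reply": fw.forward(Packet("iot", "lan", "tcp", 80, 51000)),
        # an IoT device opening a NEW connection to a LAN host, using source port 80
        "iot_to_lan_ssh_from_port80": fw.forward(Packet("iot", "lan", "tcp", 80, 22)),
        "iot_to_wan": fw.forward(Packet("iot", "wan", "tcp", 40000, 443)),
    }


if __name__ == "__main__":
    for name, rule in (("as posted", ORIGINAL), ("swapped", CORRECTED)):
        print(name, scenario(rule))
```

Two things fall out of running this. With the rule as posted, the portal still works, but only because the LAN-to-IoT forwarding and connection tracking already handle it; what the posted rule actually adds is that any IoT device can open a new connection to any LAN port simply by binding its source port to 80, which defeats the isolation. With the swapped rule, the reply packets are accepted by connection tracking, IoT-initiated connections to LAN are dropped, and IoT-to-WAN stays dropped. Since the zone forwarding from LAN to IoT already permits all LAN-initiated traffic, the per-port rule is only needed if that forwarding is removed and access is narrowed to specific services.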