Smart Home Subnet - Client Isolation with access to one server

Hello everyone,
I have a separate IoT interface, Wi-Fi AP, and IoT firewall zone for smart home devices.
I want to isolate all clients in this firewall zone, but I want them all to be able to access Home Assistant (HA) at 192.168.1.2, and for HA to be able to access all devices back.

I've tried:

  • wireless interface client isolation + firewall rules to allow HA to access all devices and all devices to access it - it was not working (everything is blocked, devices cannot reach HA)
  • just firewall rules blocking all communication + firewall rules (as in the screenshot) - not blocking at all, the opposite of the previous attempt

Is it possible to implement at all?

Thank you.

Yes, that should be possible but would require a lot of static IPs, rules and disabling the isolate feature if I am not mistaken.

Meaning firewall rule per static IP, allowing traffic to flow just to HA?

<device> -> HA (allowed)
HA -> iot (allowed)
some deny rule for all other communications on IOT

Yes, that's what I mean :slight_smile:
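As an added example (not from this thread), here is the rule set described above expressed as an nftables forward chain on the router, assuming the IoT subnet is on interface iot0, the LAN holding HA is on lan0, and HA is 192.168.1.2 as stated in the thread; the interface names are assumptions, adjust them to match your setup.

```nft
# Added example, not from the thread. Assumptions: the router runs nftables,
# the IoT subnet sits on interface "iot0", the LAN (with HA) on "lan0",
# and HA is 192.168.1.2 as in the thread. Replace interface names as needed.
define IOT_IF = "iot0"
define LAN_IF = "lan0"
define HA_IP  = 192.168.1.2

table inet filter {
    chain forward {
        # Default deny: anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections already accepted below.
        ct state established,related accept

        # Any IoT device -> HA only (no other LAN hosts, no WAN unless added).
        iifname $IOT_IF oifname $LAN_IF ip daddr $HA_IP accept

        # HA -> any IoT device, so HA can poll or push to the devices.
        iifname $LAN_IF oifname $IOT_IF ip saddr $HA_IP accept

        # Your existing LAN -> WAN (and similar) accept rules go here.

        # Log what the IoT zone tried to reach before the policy drops it,
        # so a misbehaving or misconfigured device is visible in the logs.
        iifname $IOT_IF log prefix "iot-drop: " counter drop
    }
}
```

These rules only see routed traffic: two IoT devices on the same subnet talk to each other through the AP or switch without ever entering this forward chain, which is the "not blocking at all" symptom from the first post. Blocking device-to-device traffic therefore still needs AP client isolation (or a bridge-level filter), which does not interfere with HA as long as HA sits on the other side of the router rather than on the same AP.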