Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software
== Step 3: Configure Firewall Rules ==

Now, we’re going to block this network from connecting to anything.

<span id="block-maliciouswifi-to-everything"></span>
==== 3.1 Block maliciouswifi to everything ====

<ol style="list-style-type: decimal;">
<li><p>Navigate to: '''Firewall > Rules > MALICIOUSWIFI'''</p></li>
<li><p>Add this rule:</p>
<ol style="list-style-type: lower-alpha;">
<li>Block Inter-VLAN Access:</li></ol>
<ul>
<li>Action: Block</li>
<li>Interface: '''“MALICIOUSWIFI”'''</li>
<li>Protocol: Any</li>
<li>Source: Any</li>
<li>Destination: Any</li>
<li>Description: '''“Block maliciouswifi access to everything”'''</li>
<li>Click Save</li></ul>
</li></ol>

==== 3.2 Add allow rules for devices you wish to speak to one another. ====

Right now, devices connected to this wifi network can’t connect to anything. Even a malicious device that spoofed its MAC address and tried every IP on this subnet to reach the outside world would be stuck.

For devices we do want to communicate, we add rules '''ABOVE''' the ''“Block maliciouswifi access to everything”'' rule. For instance, let’s say a wireless camera were attached here. We would add a rule to allow traffic from the camera, let’s say it’s at <code>192.168.7.15</code>, to the frigate machine at <code>192.168.5.2</code>, and then another rule to allow traffic from the frigate machine to the camera. These rules would be evaluated ''before'' the rule to block everything.

You can use this to make sure that the thermostat only communicates with home assistant, that the fish camera only communicates with your VPN, etc. It’s a great way to keep untrusted devices from having rampant access to everything.

<span id="step-4-tp-link-omada-controller-sdn-installation-guide"></span>
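A small model of the top-down, first-match rule order described in 3.2, with a check for allow rules that were placed below the block rule by mistake. This is an added example, not part of the original guide; the camera rule's description and the address <code>192.168.7.99</code> are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"  # stands in for "Any" in the rule editor


@dataclass(frozen=True)
class Rule:
    action: str       # "pass" or "block"
    src: str          # CIDR
    dst: str          # CIDR
    description: str

    def covers(self, src, dst):
        """True if every packet from network src to network dst matches this rule."""
        net = ipaddress.ip_network
        return net(src).subnet_of(net(self.src)) and net(dst).subnet_of(net(self.dst))


BLOCK_ALL = Rule("block", ANY, ANY, "Block maliciouswifi access to everything")
CAM_TO_FRIGATE = Rule("pass", "192.168.7.15/32", "192.168.5.2/32",
                      "Allow camera to frigate")  # constructed description


def evaluate(rules, src_ip, dst_ip):
    """Walk the list top-down; the first matching rule decides."""
    for rule in rules:
        if rule.covers(f"{src_ip}/32", f"{dst_ip}/32"):
            return rule.action, rule.description
    return "block", "default deny"  # nothing matched


def shadowed(rules):
    """Descriptions of rules that can never fire because an earlier rule covers them."""
    return [later.description
            for i, later in enumerate(rules)
            if any(earlier.covers(later.src, later.dst) for earlier in rules[:i])]


GOOD = [CAM_TO_FRIGATE, BLOCK_ALL]  # allow rule ABOVE the block rule
BAD = [BLOCK_ALL, CAM_TO_FRIGATE]   # allow rule below it: never reached

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("bad", BAD)):
        print(name, evaluate(rules, "192.168.7.15", "192.168.5.2"), shadowed(rules))
    # Any other device on the untrusted subnet still hits the block rule.
    print(evaluate(GOOD, "192.168.7.99", "192.168.5.2"))
```

Running <code>shadowed()</code> over an exported rule list is a quick way to catch an allow rule that was saved in the wrong position.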