I have a few hosts on my network that I'd like to limit access from the rest of the network. Ideally, these hosts should really only be able to send out, and not touch the rest of a LAN, similar to a guest network. E.g. Work Laptop that will only VPN or a friends virus infected Windows box. It's also possible that these hosts will be wired as well as wireless, so an AP10/AP30/AP50 suggestion won't be a full solution. The Astaro Box only has two LAN (External & Internal) so I can't create a separate LAN at this time.
The real goal would be to have two DHCP servers, one that is static mappings only that has full access to one another, and another that is isolated, and can only go out. This way I don't have to block things manually each time a new host joins the network. Unfortunately, I've looked into this, and the only way I could see this being conceivable is to create a network group of the allowed DHCP Server Hosts and a network group of the guest DHCP Server hosts and instead of using Internal (Network), use those network groups to create rules, if this would even work and block traffic between the two.
With packet filtering, I've tried to block all packets (drop / reject) from the host using Host --> Any --> Any, but I have a funny feeling that the other rules in my list, which are allowing Internal (Network) --> Terminal --> Any and others are causing the block rule to be futile. If this is the case, do I have to have a network setup that only allows the hosts that I trust, and instead of using Internal (Network), use each individual host or a network group.
I apologize for the juggling thoughts. Just trying to keep my trusted hosts safe and unaffected by work and guest devices.
This thread was automatically locked due to age.
