Comment by bobbob1921

Excellent set up, and in fact exactly what I’m using / how I’m set up. In addition for a few IOT type sensors and things like thermostats around my house, I have another vlan as well as a dedicated SSID tagged for that vlan, that only allows Internet access and everything else is dropped for that vlan. (Ie a firewall rule on the forward chain that drops anything in on that IOT vlan, that has a destination address of the private ip ranges: ie dst= 10.x or 192.168.x or 172…. anything locally that needs to access those sensors does so through the cloud/Internet, and for the one or two device devices that need to access them locally I have a fw rule allowing just that devices IP