I have a few VLANs, and in each one I basically have it organized like this:

  • Determine whether or not that device will need internet access, and if so add it to an alias that will give it ports 80, 443 and 123 and whatever else may be needed for WAN on that VLAN (for example, ports to connect to Blizzard, Steam, etc.).
  • Some devices (like my Home Assistant server) will get access to specific ports for MQTT, to talk to my LG TV, etc.

Is that best practice, or is it better to basically have each device listed with the specific ports it will need? The only problem I can see with the way I have it now is that some devices that get glommed into the WAN alias will also get access to ports they do not need. E.g. a phone that is in the WAN alias may also get access to Blizzard, Steam ports, etc.

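Added example (not from the poster or any firewall project): a small Python model of the alias layout described above. It measures the "glommed in" excess per device, then derives a layered layout with one shared base alias for the ports every device needs plus small extra aliases for the leftovers. Device names and ports are constructed sample data.

```python
from collections import defaultdict

# Constructed sample: the destination ports each device actually needs.
NEEDS = {
    "phone":          {80, 443, 123},
    "gaming-pc":      {80, 443, 123, 3724, 27015},   # web/NTP plus game ports
    "home-assistant": {80, 443, 123, 1883},          # web/NTP plus MQTT
}

# Constructed "one big WAN alias" layout: alias -> (member devices, allowed dest ports).
COARSE_ALIASES = {
    "wan_ports": ({"phone", "gaming-pc", "home-assistant"},
                  {80, 443, 123, 3724, 27015, 1883}),
}


def granted_ports(aliases, device):
    """Union of the ports a device gets from every alias it belongs to."""
    ports = set()
    for members, dports in aliases.values():
        if device in members:
            ports |= dports
    return ports


def excess_exposure(aliases, needs):
    """Per device: ports granted by the aliases but not actually needed."""
    return {dev: granted_ports(aliases, dev) - need for dev, need in needs.items()}


def layered_aliases(needs):
    """Build a shared base alias (ports every device needs) plus one extra alias
    per distinct leftover port set, so no device is granted more than it needs."""
    base = set.intersection(*needs.values()) if needs else set()
    aliases = {"wan_base": (set(needs), base)}
    extras = defaultdict(set)
    for dev, ports in needs.items():
        leftover = ports - base
        if leftover:
            extras[frozenset(leftover)].add(dev)
    for ports, members in sorted(extras.items(), key=lambda kv: sorted(kv[0])):
        name = "extra_" + "_".join(str(p) for p in sorted(ports))
        aliases[name] = (members, set(ports))
    return aliases


if __name__ == "__main__":
    print("coarse excess:", excess_exposure(COARSE_ALIASES, NEEDS))
    print("layered:", layered_aliases(NEEDS))
```

Running it shows the phone gaining the game and MQTT ports under the single alias, and no excess at all under the layered layout.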