Adding the Wifi AP to Blue pinhole to access internet?

Perhaps a silly question, but it's early and I was setting up my second AP when it hit me.

So I want to keep some WiFi BLUE devices off my GREEN, and allow others access. I have a variant of this rule in my FW to grant selected devices access to GREEN.

Now, should that include the Wifi APs, or do I keep them off the Internet? All trusted BLUE devices get Internet via the Router anyway, but I am not sure what is practice: allow the AP access to Internet or not?

For one thing it makes FW updates easier… 😛

No opinion?

If AP Blocked from Internet

  • If the AP is set in DHCP mode (hands out DHCP IP addresses), then all of the devices connected to the AP will be blocked. It sounds like (for you) this is not true and you are in bridge mode.

  • The AP will not get firmware updates from the Internet (as you mentioned). So if you are only trying to control firmware updates OR the AP calling home, then block the AP.

My setup

  • My AP can access the Internet for firmware.

  • and I have my AP set to bridged mode so all wifi users get their IP address from the IPFire DHCP.

I am not sure this really helps… Is there some reason you want to block the AP?



It is indeed in Bridge. It only forwards IPs from the IPFire router. No Internet access, unless I add its MAC to my list of trusted devices via my BLUE <> GREEN pinhole rule. And I can control any potential upgrades to firmware in other ways.

Was curious as to what others do, since I seem to find little info on “recommendations” for this scenario.