You will need a rule in the rules section. Assuming that you are using the LAN interface for your CP access and Opt1 for your office LAN. When you install Mono, it installs a default rule for the LAN interface allowing it access to anywhere. You will need to add a rule to that interface above the existing rule to block access to opt1 subnet. Then add a rule for the opt1 interface allowing traffic from opt1 network to any. If you wish to block access for Office LAN traffic to LAN you will need a rule above this blocking access to the LAN network. Please note, the rules are processed in order, so if you use a destination any rule and you want to block access to certain parts those rule need to be above the any rule.
If you want to make your network more secure, you could look at creating individual rules for ports used on the internet such as http(s) ftp etc and then block everything else.
|