Hey! First timer with VLANs here. I am testing my first VLAN network, called test49, which I plan to use for IoT devices.
I want these devices to reach the Internet, without having access to my LAN network. I've created a simple rule for this matter:
This works like a charm. A device inside the test49 VLAN has access to the Internet, but without reaching my private network. Now I want to allow the device inside the test49 network to reach a SINGLE IP on my private network (I need this to keep my IoT devices connected to Home Assistant).
The HA (Home Assistant) has an IP of 192.168.2.14 and it's located on another network, which is not a VLAN. This is the rule I created, and it is located at the top of the FW rules for the test49 VLAN:
I thought that FW rules are read in order - meaning the first one should have the most weight. What am I missing, because this rule is not working? The device in the test49 VLAN cannot reach 192.168.2.14.
EDIT: Of course the problem wasn't inside pfSense but in me! I performed all of those tests via ESXi VMs, and it turned out that the ESXi virtual switch wasn't passing the VLAN packets to the VMs! Solved it via ESXi itself. Thank you all for helping!
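
An added example, not part of the original post: a small Python model of first-match rule evaluation on the test49 interface, comparing the order described above with the same rules reordered. The subnets 192.168.49.0/24 and 192.168.2.0/24, the source address, and the block-LAN and allow-any rules are assumptions, since the post gives only the Home Assistant address 192.168.2.14.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    note: str

def evaluate(rules, src_ip, dst_ip):
    """Return (action, note) of the first rule matching the packet.

    Models first-match evaluation on the interface the packet enters;
    a packet matching no rule falls through to an implicit deny.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule.src) and dst in ipaddress.ip_network(rule.dst):
            return rule.action, rule.note
    return "block", "implicit default deny"

# Constructed addressing: the post gives only the Home Assistant IP.
TEST49 = "192.168.49.0/24"   # assumed VLAN subnet
LAN = "192.168.2.0/24"       # assumed prefix length for the private network
HA = "192.168.2.14/32"       # Home Assistant host from the post

ALLOW_HA = Rule("pass", TEST49, HA, "allow IoT to Home Assistant")
BLOCK_LAN = Rule("block", TEST49, LAN, "keep IoT out of LAN")
ALLOW_ANY = Rule("pass", TEST49, "0.0.0.0/0", "allow IoT to Internet")

# Order described in the post: the exception sits at the top.
RULES_AS_POSTED = [ALLOW_HA, BLOCK_LAN, ALLOW_ANY]
# Same rules with the exception below the block, for comparison.
RULES_SHADOWED = [BLOCK_LAN, ALLOW_HA, ALLOW_ANY]

def report(rules, src_ip, destinations):
    """Evaluate each destination and return {dst: action}."""
    return {dst: evaluate(rules, src_ip, dst)[0] for dst in destinations}

if __name__ == "__main__":
    dsts = ["192.168.2.14", "192.168.2.50", "1.1.1.1"]
    for name, rules in (("as posted", RULES_AS_POSTED), ("shadowed", RULES_SHADOWED)):
        print(name, report(rules, "192.168.49.20", dsts))
```

With the allow rule first, the model passes traffic to 192.168.2.14 while still blocking the rest of the LAN, so a failure in that order points below the firewall, for example at whether VLAN-tagged frames reach the host at all.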