I got this working, thanks for your help. Access across VLANs is all set. Blocking internet is all set.
Do I need to block IP cameras from seeing my LAN now? I want to RDP into Blue Iris for configuration. I'd also like to be able to view Blue Iris streams on WiFi devices. How do I accomplish both without breaking the Blue Iris part, which is working currently?
For RDC, I created a group of IPs for the PCs, and then added a rule to allow all PCs to reach each other across the VLANs.
Likewise, you can allow any WiFi device to view, say, the UI3.htm from BI by the use of the same rules. With that rule, I can watch the cameras from any smart TV in the home which has a built-in browser.
For IP cameras, they should only be able to reach the BI machine. Build two new groups; one group is the camera/BI VLAN, the other group is all other VLANs you might have. Then in the LAN IN rules, add a new rule to block all traffic from the camera VLAN to the other VLANs, and set it lower in priority than any rule which allows specific devices to cross the VLAN divide.
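
The rule ordering described in the reply above, as an added example that is not part of the original posts: a first-match model of the LAN IN rule list, showing why the camera block has to sit below the allow rules. The subnets, host addresses, port 81 for the BI web UI, the rule names and the default-accept fall-through are all assumptions; only new connections are modelled, with reply traffic assumed to be handled by a separate established/related rule that the thread does not mention.

```python
import ipaddress as ip

# Constructed addressing; the thread gives no subnets, hosts or ports.
CAM_VLAN = ip.ip_network("192.168.20.0/24")        # cameras + Blue Iris (BI) machine
OTHER_VLANS = [ip.ip_network("192.168.1.0/24"),    # wired LAN
               ip.ip_network("192.168.30.0/24")]   # WiFi
WIFI = OTHER_VLANS[1]
BI = ip.ip_address("192.168.20.5")
PCS = {BI, ip.ip_address("192.168.1.10")}          # the "group of IPs for the PCs"
BI_WEB_PORT = 81                                   # assumed port for the BI web UI


def in_other(addr):
    """True when addr belongs to the 'all other VLANs' group."""
    return any(addr in net for net in OTHER_VLANS)


# (name, action, source test, destination test, port or None for any port)
ALLOW_PCS = ("pc-to-pc", "accept", lambda a: a in PCS, lambda a: a in PCS, None)
ALLOW_WIFI = ("wifi-to-bi-ui", "accept", lambda a: a in WIFI, lambda a: a == BI, BI_WEB_PORT)
BLOCK_CAMS = ("cams-to-others", "drop", lambda a: a in CAM_VLAN, in_other, None)

GOOD_ORDER = [ALLOW_PCS, ALLOW_WIFI, BLOCK_CAMS]   # allow rules above the block
BAD_ORDER = [BLOCK_CAMS, ALLOW_PCS, ALLOW_WIFI]    # block evaluated first


def decide(rules, src, dst, port):
    """First matching rule wins; unmatched new connections are accepted (assumed default)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for name, action, src_ok, dst_ok, rule_port in rules:
        if src_ok(s) and dst_ok(d) and rule_port in (None, port):
            return action, name
    return "accept", "default"


if __name__ == "__main__":
    cases = [("camera -> LAN PC", "192.168.20.50", "192.168.1.10", 445),
             ("PC -> BI (RDP)", "192.168.1.10", "192.168.20.5", 3389),
             ("WiFi -> BI web UI", "192.168.30.77", "192.168.20.5", 81),
             ("BI -> PC", "192.168.20.5", "192.168.1.10", 3389)]
    for label, src, dst, port in cases:
        print(f"{label:18} good={decide(GOOD_ORDER, src, dst, port)} "
              f"bad={decide(BAD_ORDER, src, dst, port)}")
```

With the block placed first, the BI machine (which lives in the camera VLAN) loses its ability to open connections to the other PCs, which is the case the priority advice guards against.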