Due to the safety issues I have to configure a VLAN to set the "nameless" (undiscoverable) client hosts in it and deny (via IPFW) any access to the servers, except ports 143 and 587 on the mail server. How it can be set up most effectively?
Server runs FreeBSD-13.1, has dhcpd, BIND 9.16...