dungears DD-WRT Novice
Joined: 08 Apr 2021 Posts: 2
|
Posted: Thu Apr 08, 2021 23:37 Post subject: How do you block WLAN access but allow LAN access? |
|
I'd like to use steamlink to stream video from my PC to my smart TV, but I have security concerns with connecting my smart TV to my network.
Is there a way in the DD-WRT settings to allow a device to talk on the LAN, but not to the internet?
On the access restrictions tab, I see you can "block internet access" using policies. But I can't find an explanation of what this does. Does it do what I'm describing above? Or is it blocking all traffic including LAN traffic?
Thanks. |
|
Alozaros DD-WRT Guru
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
|
Posted: Fri Apr 09, 2021 20:18 Post subject: |
|
iptables -I FORWARD -i br0 -o $(get_wanface) -p tcp -s xxx.xxx.xxx.xxx -j REJECT
iptables -I FORWARD -i br0 -o $(get_wanface) -p udp -s xxx.xxx.xxx.xxx -j REJECT
add those lines to commands>box>save firewall script
lets presume that xxx.xxx.xxx... must be your device IP, as well...make sure it is on br0..or replace br0 with its bridge number..if its different _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913 |
|
SurprisedItWorks DD-WRT Guru
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
|
Posted: Sun Apr 11, 2021 19:16 Post subject: |
|
And in GUI>Services>Services give the device a static lease to fix its IP address. Otherwise it's apt to get different ones at different times, and trying to block it will just frustrate you. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN. |
|