Help setting up Firewall rules

007craft
DD-WRT Novice


Joined: 26 Apr 2021
Posts: 2

Posted: Mon Apr 26, 2021 21:01    Post subject: Help setting up Firewall rules
I was wondering if somebody could let me know what commands I need for the setup here that I'm trying to achieve.

I have

Vlan 1 - 192.168.1.1
Vlan 2 - Wan
Vlan 3 - 192.168.3.1

I have 4 devices on Vlan 3 here in use:

192.168.3.10 - My NVR
192.168.3.100 - Ip Camera 1
192.168.3.101 - Ip Camera 2
192.168.3.102 - Ip Camera 3

I want to make it so IP cameras cannot access Vlan 1 or 2. At the same time, I need the NVR to be able to access Vlan 1 and 2. How can I set up rules for this scenario with iptables? Thanks.

Netgear R7000
Firmware Version
DD-WRT v3.0-r44715 std (11/03/20)
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Wed Apr 28, 2021 8:16
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=328963
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
007craft
DD-WRT Novice


Joined: 26 Apr 2021
Posts: 2

Posted: Wed Apr 28, 2021 16:27
It is similar to the rules posted there, but they are for a different use case, it seems. I'm looking to drop all traffic on the vlan while allowing the one particular IP of the NVR server to remain on the internet (and possibly still communicate with the rest of the network, but I'm not sure if I need that or not). I came up with these rules; is this correct?

iptables -I FORWARD -i vlan3 -o vlan+ -j DROP
iptables -I FORWARD -s 192.168.3.10/255.255.255.0 -j ACCEPT

192.168.3.10 being the IP of my NVR, which is on vlan 3
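
Added example (not part of the original posts): a small POSIX shell model of how iptables evaluates the two rules above. It shows that `-s 192.168.3.10/255.255.255.0` is masked to the whole 192.168.3.0/24 subnet, so the cameras match the ACCEPT rule as well as the NVR. The helper names `ip2int`, `src_matches` and `verdict` are hypothetical, and the model assumes the packet enters on vlan3 and leaves on an interface matching `vlan+`.

```shell
#!/bin/sh
# Added example: models iptables "-s addr/mask" matching and first-match order.
# Hosts and rule specs are from the thread; helper names are hypothetical.

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if packet source $2 matches source spec $1, which may be "addr",
# "addr/prefixlen" or "addr/dotted.mask". iptables ANDs the rule address and
# the packet address with the mask before comparing them.
src_matches() {
    addr=${1%%/*}
    case $1 in
        */*.*) mask=$(ip2int "${1#*/}") ;;
        */*)   mask=$(( (4294967295 << (32 - ${1#*/})) & 4294967295 )) ;;
        *)     mask=4294967295 ;;
    esac
    [ $(( $(ip2int "$addr") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# Verdict for a packet from source $2 when the ACCEPT rule uses source spec $1.
# Both commands use -I (insert at top), so the ACCEPT rule typed second is
# checked first; anything it does not match falls to the vlan3 DROP rule.
verdict() {
    if src_matches "$1" "$2"; then echo ACCEPT; else echo DROP; fi
}

# Compare the posted spec with a host-only spec for the four devices listed.
for spec in 192.168.3.10/255.255.255.0 192.168.3.10; do
    echo "ACCEPT rule: -s $spec"
    for host in 192.168.3.10 192.168.3.100 192.168.3.101 192.168.3.102; do
        echo "  $host -> $(verdict "$spec" "$host")"
    done
done
```

With the host-only spec `-s 192.168.3.10` (equivalent to /32), only the NVR reaches the ACCEPT rule and the cameras fall through to the DROP rule.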