Sorry SIW... I most definitely was not trying to overcomplicate things and bog users down, just trying to learn a bit about iptables and the configuration of dd-wrt. I appreciate your input.
My overall goal here is to isolate the br1 network from the br0 network. I need to allow the br0 complete access to br1 but I do not want br1 access to br0, br1 should have access to the WAN/internet.
"Net Isolation", I assume that will totally isolate communication between br0 and br1? I think I get that. I'm assuming that would allow communication on both networks to the WAN/internet but no communication between the 2 networks.
Is there a GUI for viewing the default firewall settings?
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Mon May 10, 2021 19:59
Ah... I had lost that you wanted to limit br1's access to br0 but without full Net Isolation (about which you are correct). Seems to me that would be
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j REJECT --reject-with icmp-host-prohibited
I'm not at all an iptables/firewall expert though, so perhaps someone else will chime in if I've missed the boat.
There is nothing in the GUI for seeing the default firewall, but you can see it in the CLI with
iptables -vnL
or you can focus in on a part of it with things like
iptables -vnL FORWARD
iptables -t nat -vnL POSTROUTING
(And sorry about getting a bit crabby. Usually a sign I'm trying to squeeze too much into too little day!) _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
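An added example, not from either poster, that packages the br1 -> br0 rule from the reply above as a small shell helper and models what the rule decides for each of the flows the question asks about. The interface names br0 (LAN) and br1 (isolated network) come from the thread; the WAN name eth0, the DRY_RUN switch and the function names are this example's own assumptions. The useful point it makes visible is that the rule matches only conntrack state NEW, so replies to sessions br0 opens toward br1 never hit the REJECT and br0 keeps full access, while br1 can still reach the WAN because the rule only matches packets leaving on br0.

```shell
#!/bin/sh
# Added example (not the forum poster's code): helper around the
# "iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j REJECT"
# rule discussed in the thread. br0/br1 are from the thread; eth0 as the
# WAN interface, DRY_RUN and the function names are assumptions.

LAN_IF="${LAN_IF:-br0}"       # trusted network
GUEST_IF="${GUEST_IF:-br1}"   # network that must not open connections into br0
WAN_IF="${WAN_IF:-eth0}"      # assumed WAN interface name
DRY_RUN="${DRY_RUN:-1}"       # 1 = print the iptables commands only; 0 = run them

# Match/target part of the rule, i.e. everything after the chain name.
RULE_SPEC="-i $GUEST_IF -o $LAN_IF -m state --state NEW -j REJECT --reject-with icmp-host-prohibited"

# Insert the rule at the top of FORWARD exactly once: "-C" tests whether an
# identical rule is already present, so re-running a firewall script does
# not stack duplicates. In dry-run mode the command line is printed instead.
install_isolation_rule() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables -C FORWARD $RULE_SPEC 2>/dev/null || iptables -I FORWARD $RULE_SPEC"
        return 0
    fi
    iptables -C FORWARD $RULE_SPEC 2>/dev/null || iptables -I FORWARD $RULE_SPEC
}

# Model of what this one rule decides for a forwarded packet given its
# ingress interface, egress interface and conntrack state (NEW, ESTABLISHED,
# RELATED or INVALID): REJECT for a new connection from br1 into br0,
# otherwise PASS, meaning the packet falls through to the rest of FORWARD.
forward_verdict() {
    in_if="$1"; out_if="$2"; state="$3"
    if [ "$in_if" = "$GUEST_IF" ] && [ "$out_if" = "$LAN_IF" ] && [ "$state" = "NEW" ]; then
        echo REJECT
    else
        echo PASS
    fi
}

# Walk the flows from the thread through the model (constructed sample flows).
show_policy() {
    for flow in "$LAN_IF $GUEST_IF NEW" \
                "$GUEST_IF $LAN_IF NEW" \
                "$GUEST_IF $LAN_IF ESTABLISHED" \
                "$GUEST_IF $WAN_IF NEW"; do
        set -- $flow
        printf '%-4s -> %-4s %-11s : %s\n' "$1" "$2" "$3" "$(forward_verdict "$1" "$2" "$3")"
    done
}

install_isolation_rule
show_policy
```

Run it as-is to see the command it would issue and the four verdicts; on the router, set DRY_RUN=0 (and WAN_IF to the real WAN name) before pasting it into the dd-wrt firewall script. The ESTABLISHED row is the one to look at when checking the "br0 has full access to br1" requirement: return packets of a br0-initiated session are never NEW, so the REJECT does not apply to them.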