[mariobiron]

Hello,
I am on Netgear R7000, using Firmware DD-WRT v3.0-r36070M kongac (05/31/18 )

I have created a virtual AP for the kids at home on wl0.1
At certain time of day, I want to remove the internet from any devices connected to this virtual AP.

At first I tought I could use "wl" to put the interface up or down but it didn't work.

I am now thinking about using a combinaison of cron/iptables to achieve this goal.

I don't know the first thing about iptables so I read on it and came up with 2 lines that, in my mind, would do the trick:
iptables -A INPUT -i wl0.2 -j DROP
iptables -A FORWARD -i wl0.2 -o vlan2 -j DROP

But I am still able to browse internet when connected to this vAP.

Any ideas what my iptables rules should be, or do you have any other suggestions to reach this goal?

Thank you

[egc]

Use -I instead of -A
Use wl0.1 instead of wl0.2

[mariobiron]

Hello!

My mistake on wl0.2 vs wl0.1; type the wrong number in my question but I did enter 0.1 on the router command line.

I just tried using "-I" instead of "-A", still can access the internet using a device that is logged to that virtual AP.

Any other idea?

Thanks

[egc]

Did you unbridge the wl0.1?
If it is bridged it will not work.

[mariobiron]

Hello,
but won't unbriding wl0.1 prevent this segment from accessing other computer and resources in the local network?
Thanks

[egc]

No not unless you enable net isolation.
But you can only use ip address, there is no discovery between subnets