Posted: Sun Sep 27, 2020 15:11 Post subject: WAN access restriction also blocks local network routing
I'm not sure if this is a bug or working as intended.
My primary network is 192.168.1.0/24 and the guest (IoT) Wi-Fi is on 192.168.2.0/24, with the router on 192.168.1.1.
I have a few firewall rules enabling full access from primary LAN to guest LAN as well as limited access from guest LAN to the MQTT port on a primary LAN host. This all works perfectly so I'm hoping to refrain from posting my iptables but will post redacted if it is needed.
My goal is to enhance privacy by blocking Internet access for some IoT devices, so I enabled WAN access restrictions from the GUI for select IoT hosts. While it did work, it also blocked those hosts from reaching the MQTT server on the primary LAN. In other words, blocking WAN access doesn't just block WAN, it blocks all routing.
Is this a bug? Shouldn't WAN access restrictions only block exiting from WAN?
For now I will have to use iptables to achieve the same.
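The approach mentioned in the last line, as an added example that is not part of the original post: a script that prints iptables rules blocking selected guest hosts only when their packets are routed out of the WAN interface, so forwarding to the primary LAN is not matched. The WAN interface name `vlan2`, the host addresses, the function names and the choice of `REJECT` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit iptables rules that stop selected guest-LAN hosts from
# leaving through the WAN interface while leaving LAN-to-LAN routing alone.
# Assumptions (not from the post): WAN interface name, host addresses.

GUEST_PREFIX="192.168.2."   # guest (IoT) subnet 192.168.2.0/24, from the post

# is_guest_host IP -> returns 0 if IP is a host address in 192.168.2.0/24
is_guest_host() {
    case "$1" in
        "$GUEST_PREFIX"*) last=${1#"$GUEST_PREFIX"} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# wan_block_rules WAN_IF IP... -> prints one rule per host; returns 1 on bad input
wan_block_rules() {
    wan_if=$1; shift
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad WAN interface name" >&2; return 1 ;;
    esac
    for ip in "$@"; do
        is_guest_host "$ip" || { echo "not a guest host: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        # -o limits the match to packets routed out of the WAN interface, so
        # traffic forwarded to the primary LAN (the MQTT host) never hits it.
        echo "iptables -I FORWARD -s $ip -o $wan_if -j REJECT"
    done
}

# Constructed sample: two hypothetical IoT hosts, WAN interface assumed vlan2.
wan_block_rules vlan2 192.168.2.20 192.168.2.21
```

The script only prints the rules; review them and confirm the real WAN interface name on the router before applying them.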