Please don't necro threads. This was from 2 years ago. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
None of the firewall commands in this thread worked for me in blocking communication between VLANs. For whatever reason, adding any of my VLANs to br0 completely broke them. The same happened when I tried to create a new bridge. However, thanks to the info found on this thread, as well as on this site, I was able to put together a command that did the trick:
Quote:
iptables -I FORWARD -i vlan+ -o vlan+ -j DROP
This blocks communication between ALL VLANs though, which is a problem if you're using the WAN port. I'm using Client Mode wireless for Internet access instead though, so using this as-is was perfect for me. If you need to be able to communicate with the WAN port, my guess is that adding the following two commands beneath the one above will work, though I haven't tested this:
Lastly, I'm also using this command to block the subnet that my normal LAN is located on:
Quote:
iptables -I FORWARD -s 192.168.1.0/255.255.255.0 -j DROP
P.S. phuzi0n, I know you said not to resurrect an old thread, but I feel this information is still applicable today. After all, I found this thread when doing a Google search and it let me to a solution for my almost identical problem. As such, I felt I should share this information here.
