ACL to forward WAN to LAN traffic

Hi to all, I have an OpenWrt with

I would like to configure the device to allow only some hosts on the network, via IP or MAC, to reach everything on the LAN.
I can make all the hosts of the WAN subnet communicate with the LAN subnet, but I don't understand how to implement an ACL.

Can you help me?

🗒️ You didn't provide needed information (e.g. the WAN IP of the OpenWrt).

  1. On the upstream device - Make a static route on the router for via <interface> gw 10.0.1.x

where x == the IP of the OpenWrt

  2. Disable Masquerade on OpenWrt's WAN
  3. Create traffic rules allowing traffic - as desired


💡 Just make Port Forwards 😉

This is my configuration

with a traffic rule

but all WAN hosts can reach every LAN host...

Where is the error?

Edit your zone settings and disable zone-to-zone forwarding.
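
The advice in this thread, put together as a sketch of `/etc/config/firewall` (an added example, not any poster's configuration): masquerading is off on the WAN zone, there is no wan-to-lan forwarding section, and two traffic rules act as the ACL. The zone names are the OpenWrt defaults; the allowed host `10.0.1.50` and the MAC address are constructed placeholders.

```uci
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	# Forwarded traffic not matched by a rule or forwarding is rejected
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Routed setup: the upstream router has a static route to the LAN subnet
	option masq '0'

# LAN may still initiate connections towards WAN
config forwarding
	option src 'lan'
	option dest 'wan'

# Weak setting: a section like this opens the LAN to every WAN host
# and makes the rules below irrelevant. Leave it out.
#config forwarding
#	option src 'wan'
#	option dest 'lan'

# ACL entry by source IP (constructed address in the upstream subnet)
config rule
	option name 'Allow-WAN-host-by-IP'
	option src 'wan'
	option dest 'lan'
	list src_ip '10.0.1.50'
	option proto 'all'
	option target 'ACCEPT'

# ACL entry by source MAC (constructed address)
config rule
	option name 'Allow-WAN-host-by-MAC'
	option src 'wan'
	option dest 'lan'
	option src_mac '02:00:00:00:00:01'
	option proto 'all'
	option target 'ACCEPT'
```

A MAC match only works for hosts on the same layer-2 segment as the OpenWrt WAN port, and MAC addresses are easy to spoof, so treat it as a convenience filter rather than authentication.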