I want to block all traffic (with the exception of 80 and 443) on a physical port (LAN).
AFAIK the built-in firewall only allows those blocks when you know the MAC-address of the device.
What if I want to block all traffic to WAN except HTTP/HTTPS on the device which is, say, plugged into the second LAN port of the OpenWrt device?
Is it possible?
So here is a small pictogram:
                                                          +---------+
+------------------------+                                |         |
| Device with unknown    | no access to WAN except 80/443 |         |
| MAC-address            +--------------------------------+Port 1   |
+------------------------+ all access to LAN              |         |
                                                          |         |
+-------------------+                                     | openwrt |     +----------+
| device 2          |                                     |         +---->+ Internet |
|                   +-------------------------------------+Port 2   |     +----------+
+-------------------+                                     |         |
                                                          |         |
+-------------------+                                     |         |
| device 3          |                                     |         |
|                   +-------------------------------------+Port 3   |
+-------------------+                                     +---------+