Linux 4.18 added the following feature:
bridge: add support for port isolation. Isolated ports cannot communicate between each other, but they can still communicate with non-isolated ports
The info text in LuCI suggests that this feature is supported by OpenWrt: "Bridge port specific options" > "Port isolation".
A line with "option isolated '1'" is added to the corresponding "config device" section in /etc/config/network.
But it seems that OpenWrt is only changing the config files but not enforcing it:
root@OpenWrt:~# cat /sys/class/net/main2lan/brport/isolated
0
Manually enabling it either by writing 1 to the sysfs file or using the bridge command (from ip-bridge) does work. This would be the expected behavior.
root@OpenWrt:~# cat /sys/class/net/main2lan/brport/isolated
0
root@OpenWrt:~# bridge link set dev main2lan isolated on
root@OpenWrt:~# cat /sys/class/net/main2lan/brport/isolated
1
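
The check above can be turned into an audit that compares every port marked isolated in the config with the flag the kernel reports. This is an added example, not part of the original post and not OpenWrt code; it assumes each "config device" section names its interface with "option name", and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: detect drift between "option isolated '1'" in the UCI
# network config and the per-port flag the kernel exposes in sysfs.
# Assumption: a "config device" section names its interface via "option name".

# Print the name of every device section that sets option isolated '1'.
# $1 = path to the UCI network file
isolated_in_config() {
    awk -v q="'" '
        function unq(s) { gsub(q, "", s); gsub(/"/, "", s); return s }
        function emit() { if (iso && name != "") print name; name = ""; iso = 0 }
        $1 == "config" { emit(); in_dev = ($2 == "device"); next }
        in_dev && $1 == "option" && $2 == "name"     { name = unq($3) }
        in_dev && $1 == "option" && $2 == "isolated" { iso = (unq($3) == "1") }
        END { emit() }
    ' "$1"
}

# Print one line per mismatch and return 1 if any configured port is not
# isolated in the kernel. A port that is not (yet) enslaved to a bridge has
# no brport directory and is reported as well.
# $1 = UCI network file, $2 = sysfs root (defaults to /sys)
audit_isolation() {
    cfg=$1 sysfs=${2:-/sys} rc=0
    for dev in $(isolated_in_config "$cfg"); do
        f="$sysfs/class/net/$dev/brport/isolated"
        if [ ! -r "$f" ]; then
            echo "$dev: not a bridge port (no $f)"; rc=1
        elif [ "$(cat "$f")" != "1" ]; then
            echo "$dev: configured isolated, kernel reports $(cat "$f")"; rc=1
        fi
    done
    return $rc
}

# Usage on the router: audit_isolation /etc/config/network
```

A non-zero return means at least one port that the config marks as isolated can still reach other isolated ports on the bridge.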