Hi all, with my Asus router, it is super fast and easy to block internet device for any LAN device. It blocks MAC address. It still keeps LAN access but only disables internet.
Is it easy enough to do with 23.05.5?
I guess you can do it by using a fw rule, that should be fast and easy too
Remove LAN to WAN default forwarding Allow rule.
pull the WAN cable, works with any firmware and client, not only openwrt.
4 Likes
Should work with a fw rule that reject the traffic from src mac address in scr lan zon to dst wan zone.
1 Like
... as long as MAC isn't randomized.
True.
it such case it could impersonate any device at any time.
The option I see, thinking quickly....create a parallel SSID/wifi interface and attach the sensitive device to that SSID/wifi interface, then attach a IP range to that SSID/wifi interface and apply the necessary rules on the fw to block/filter traffic as needed.
Alternatively move to certs auth on the wifi side or similar but that might be not an option of the wireless network and all the devices attached to it.
Is this possible this on OpenWRT? I guess so, I never tried myself... yet.
But as per my OP, I want internet disabled for a specific device, not all LAN devices...
ASUS routers make it very easy. Pick from a list of current LAN devices and then 'block internet' for it. Internet is blocked for that MAC address.
As I said above, but even asus can’t handle mac randomization.