I have an insecure device I want to have LAN only access. I don't want anything outside my network talking to it or vice versa.
Does this work? I'm worried this still allows WAN devices to send packets TO the insecure device. The "source" is the static local IP I set (192.x.y.z).
I don't want to block/firewall traffic for every device in my network. I want one single phone on my network to be LAN only (no connections to or from outside my house). The other devices on my network (routed by OpenWrt) still need to connect to the internet.
You can do this under Traffic Rules - making a rule that blocks a single device from SRC LAN to DST WAN. Caveat: you can block by MAC (this might be random on the phone) or IP (likewise, because the MAC rotates).
You would block All protocols - IPv4 (and IPv6). Your rule in the screenshot only blocks TCP and UDP, so I wanted to make note.
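The same traffic rule written out as it appears in /etc/config/firewall, as an added example (not the poster's screenshot and not OpenWrt's shipped defaults). The host address and MAC are placeholders to substitute with the device's static lease. The first rule is the one described above (SRC LAN to DST WAN, all protocols, both IP families); the second is an explicit mirror that drops anything arriving from the WAN zone addressed to the same host, which addresses the "packets TO the device" worry independently of whatever else is configured on the router:

```uci
# Added example, not the forum poster's configuration. Replace the
# address and MAC with the device's static lease before use.

# Outbound: the device may not start any connection toward the WAN zone.
# proto 'all' and family 'any' cover every protocol on IPv4 and IPv6, not
# only TCP and UDP. src_ip and src_mac are ANDed: both must match.
config rule
	option name 'iot-box-no-wan-out'
	option src 'lan'
	option src_ip '192.0.2.10'
	option src_mac '00:11:22:33:44:55'
	option dest 'wan'
	option proto 'all'
	option family 'any'
	option target 'REJECT'

# Inbound: nothing from the WAN zone may be forwarded to the device, even if
# a port forward (config redirect) for that address is added later by
# mistake. DROP rather than REJECT so the device is not told anything back.
config rule
	option name 'iot-box-no-wan-in'
	option src 'wan'
	option dest 'lan'
	option dest_ip '192.0.2.10'
	option proto 'all'
	option family 'any'
	option target 'DROP'
```

After editing the file, run `/etc/init.d/firewall reload` and confirm the two rules appear in `fw4 print` (or `fw3 print` on older releases). Two things these rules do not cover, by design: the device can still talk to the router itself (DHCP and the router's DNS forwarder are the LAN zone's input chain, not a forward to WAN), and it can still reach every other host on the LAN. The check the thread already uses, an SSH session on the device where `curl -v https://example.com` fails, remains the quickest confirmation that the outbound rule is active.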
The phone is set to a static IP via MAC in OpenWrt, so the IP should be the same. Under 'advanced settings' I also set the MAC. My "phone" is actually an old Internet of Things box, so there is no randomized MAC to worry about.
As I said:
I'm worried this still allows WAN devices to send packets TO the insecure device.
Can packets still get through? Because the "phone" is likely vulnerable (unpatched) I don't want some malicious packets coming in and being parsed by the "phone".
My interpretation of my screenshot is it prevents data from being sent FROM the "phone" to the wide internet.
Edit: It looks like it's working. When I SSH to the phone, it can't run
curl -v https://example.com
successfully.
When I "save changes" to include all protocols (not just TCP and UDP)