Firewall questions

Hello, I want to drop a complete IP range, for example 43.0.0.0/8, and allow only 1 IP address (e.g. 43.1.1.1), which is a website, to be accessed from my internal network (LAN/Wi-Fi).

Is this correct, or can it be done better?

# Forwarding rules are matched in order: the ACCEPT for the single host
# must come before the DROP for the whole /8, or the host is dropped too.
config rule
	option target 'ACCEPT'
	option name '43.1.1.1'
	option family 'ipv4'
	option dest_ip '43.1.1.1'
	# Port options require a specific protocol; 'all' cannot carry ports.
	option proto 'tcp'
	# Only the server-side port is fixed (HTTPS); the client's source port
	# is ephemeral, so no src_port is set.
	option dest_port '443'
	option src '*'
	option dest '*'

config rule
	option name '43'
	option family 'ipv4'
	option proto 'all'
	option src '*'
	option dest '*'
	option target 'DROP'
	option dest_ip '43.0.0.0/8'
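As an added illustration (not from the original post or from OpenWrt itself), a small Python model of first-match forwarding-rule evaluation over the two rules above; it assumes the stock lan-to-wan zone default of ACCEPT when no rule matches, and shows why the ACCEPT rule must precede the DROP rule:

```python
import ipaddress

# Constructed model of the two posted rules (not OpenWrt code). OpenWrt
# evaluates forwarding rules in config order and the first match wins.
RULES = [
    {"name": "43.1.1.1", "target": "ACCEPT", "dest_ip": "43.1.1.1",
     "proto": "tcp", "dest_port": 443},
    {"name": "43", "target": "DROP", "dest_ip": "43.0.0.0/8",
     "proto": "all", "dest_port": None},
]


def rule_matches(rule, dst_ip, proto, dst_port):
    """True if a packet to dst_ip:dst_port over proto matches the rule."""
    net = ipaddress.ip_network(rule["dest_ip"], strict=False)
    if ipaddress.ip_address(dst_ip) not in net:
        return False
    # proto 'all' matches any protocol; otherwise it must match exactly
    if rule["proto"] != "all" and rule["proto"] != proto:
        return False
    # a rule without dest_port matches every port
    if rule["dest_port"] is not None and rule["dest_port"] != dst_port:
        return False
    return True


def verdict(rules, dst_ip, proto="tcp", dst_port=443, default="ACCEPT"):
    """First-match evaluation; 'default' models the zone forward policy
    (assumed ACCEPT for lan -> wan, as in the stock OpenWrt config)."""
    for rule in rules:
        if rule_matches(rule, dst_ip, proto, dst_port):
            return rule["target"]
    return default


if __name__ == "__main__":
    # Correct order: the allowed host passes, the rest of the /8 is dropped.
    print(verdict(RULES, "43.1.1.1"))                  # ACCEPT
    print(verdict(RULES, "43.9.9.9"))                  # DROP
    # Only port 443/tcp is allowed to the host; other ports hit the DROP.
    print(verdict(RULES, "43.1.1.1", "tcp", 80))       # DROP
    # Reversed order: the DROP matches first and the exception never applies.
    print(verdict(list(reversed(RULES)), "43.1.1.1"))  # DROP
```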

Remove that.

You should use subnet blocking only as a last resort.
