Forbid internet access on one of the router's ports

Linksys WRT1900AC v1, OpenWrt r19337, internet via PPPoE

I have a device (embedded computer, IoT) that must only connect to the internet via a proxy server (with filtering) running on my OpenWrt router. It must never access the internet directly. I can't trust the OS / software to always keep its proxy gateway settings unmodified and never bypass them, nor try to call home disregarding those settings if the proxy refuses the connection.

One solution would be to connect this device to a dedicated router port that I remove from the bridge and LAN zone and deactivate all packet forwarding for that port.
How safe is this? I'm worried about a possible "race condition". There are routers known to bridge even WAN and LAN ports for a few seconds while booting. Is this the case for all routers with embedded switches? Is there a chance for the PPPoE to connect before the restricted port is removed from the firewall LAN zone?

Any other suggested solution?

Thanks!

Don't assign a gateway to the device.

1 Like

Can I do that from OpenWrt? I didn't see a gateway setting on the static leases page.

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#client_classifying_and_individual_options

2 Likes

Or assign a bogus gw.

1 Like
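The "no gateway" suggestion from the replies above, written out as OpenWrt config using the tag mechanism on the linked page, together with a forward-reject rule in the spirit of the original post's "deactivate all packet forwarding". This is an added example, not configuration posted by anyone in the thread; the host name, MAC address, IP addresses and tag name are made-up placeholders.

```uci
# /etc/config/dhcp  (fragment; all values below are constructed placeholders)

config host
	option name 'iot-box'
	option mac '02:00:00:00:00:01'
	option ip '192.168.1.50'
	# Attach the per-client tag defined below to this static lease.
	option tag 'nogw'

config tag 'nogw'
	# DHCP option 3 (router) with no value: dnsmasq sends no default
	# gateway to clients carrying this tag.
	list dhcp_option '3'
	# "Bogus gateway" variant from the thread: replace the line above with
	# an unused address instead, e.g.
	#   list dhcp_option '3,192.168.1.254'

# /etc/config/firewall  (fragment)

# DHCP options are only advice to the client. If the device sets a
# gateway by hand, this rule still rejects everything it tries to have
# routed through the router. Traffic addressed to the router itself
# (the proxy) is input, not forward, so it is not matched here.
config rule
	option name 'Reject-forward-iot-box'
	option src 'lan'
	option src_mac '02:00:00:00:00:01'
	option dest '*'
	option proto 'all'
	option target 'REJECT'
	# Matching on MAC assumes the device keeps this address; a dedicated
	# port in its own zone with forwarding rejected does not depend on it.
```

Restart dnsmasq and the firewall (`/etc/init.d/dnsmasq restart`, `/etc/init.d/firewall restart`) and have the device renew its lease for the change to take effect.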
