Help to create a rules for firewall

stevennausak · December 11, 2021, 11:49am

Hi everyone, I need some help to set up a rule on the firewall . I have some devices on my lan that I want to access the wan at the same time only to some IPs on my lan network.

is it possible to create a unique rule?
is it possible to create these rules based on MAC addresses instead of IP?

For example a phone that can use wifi for navigate and communicate only with router or printer.Thanks

ulmwind · December 11, 2021, 12:05pm

What do you mean 'unique' rule? See documentation.

stevennausak · December 11, 2021, 12:07pm

Hi, i prefer to use luci interface if is possible.

ulmwind · December 11, 2021, 12:08pm

OK, use it without me

lleachii · December 11, 2021, 6:08pm

You would follow the instructions, simply making the rule on the web GUI. Since you really don't provide any detail on what problems you're having with the web GUI after reading the wiki, just let us know if you run into any problems.

To block LAN-to-LAN traffic the devices need to be placed on 2 different LANs first, as LAN traffic never touches the firewall, hence can never block them from reaching other LAN devices
Yes; but be advised that some new devices (e.g. smart phones) rotate their wireless MACs for security purposes

OK, in this example it seems you want to block the device from reaching WAN, yes this is possible in your current example - as the traffic would pass thru the router from LAN to WAN (so it can be firewalled).

stevennausak · December 16, 2021, 10:49am

Hi @lleachii I can give you an example . For example, I have a mobile phone that:
Wan = full access
Lan = only some devices such as printer and obviously router for routing. So selective access on the LAN (indicating each host).
Devices on the LAN not mentioned must not communicate with the mobile phone.