Help to create rules for the firewall

Hi everyone, I need some help setting up a rule on the firewall. I have some devices on my LAN that I want to be able to access the WAN and, at the same time, only some IPs on my LAN network.

  1. Is it possible to create a unique rule?
  2. Is it possible to create these rules based on MAC addresses instead of IP?

For example, a phone that can use Wi-Fi to browse and communicate only with the router or printer. Thanks.

What do you mean by a 'unique' rule? See documentation.


Hi, I prefer to use the LuCI interface if possible.

OK, use it without me 🙂

You would follow the instructions, simply making the rule on the web GUI. Since you really don't provide any detail on what problems you're having with the web GUI after reading the wiki, just let us know if you run into any problems.

  1. To block LAN-to-LAN traffic the devices need to be placed on 2 different LANs first, as LAN traffic never touches the firewall, hence it can never block them from reaching other LAN devices.
  2. Yes; but be advised that some new devices (e.g. smartphones) rotate their wireless MACs for security purposes.

OK, in this example it seems you want to block the device from reaching WAN. Yes, this is possible in your current example, as the traffic would pass through the router from LAN to WAN (so it can be firewalled).

Hi @lleachii, I can give you an example. For example, I have a mobile phone that:
WAN = full access
LAN = only some devices such as printer and obviously router for routing. So selective access on the LAN (indicating each host).
Devices on the LAN not mentioned must not communicate with the mobile phone.
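
The approach from the answer above, applied to the phone example, as an added `/etc/config/firewall` sketch that is not from any poster in the thread; the same zone, forwarding and rule entries can be created in LuCI under Network → Firewall. Assumptions: the phone joins a separate network (and SSID) named `phone` that already exists in `/etc/config/network`, the printer sits at 192.168.1.50 in the `lan` zone, and the MAC address is a constructed placeholder.

```uci
# Zone for the separate network the phone connects to (assumed name: 'phone').
# input REJECT: the phone cannot reach the router's own services by default.
# forward REJECT: nothing is routed out of this zone unless allowed below.
config zone
	option name 'phone'
	list network 'phone'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# WAN = full access. There is no phone -> lan forwarding and no lan -> phone
# forwarding, so unlisted LAN hosts cannot open connections in either direction.
config forwarding
	option src 'phone'
	option dest 'wan'

# The router itself: only what the phone needs to get an address and resolve names.
config rule
	option name 'Phone-DHCP'
	option src 'phone'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Phone-DNS'
	option src 'phone'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Selective LAN access: one rule per permitted host (here the printer).
# src_mac narrows the rule to one device; it stops matching if the phone
# rotates its Wi-Fi MAC, so either disable randomisation for this SSID
# or drop src_mac and rely on the zone alone.
config rule
	option name 'Phone-to-printer'
	option src 'phone'
	option src_mac 'AA:BB:CC:DD:EE:FF'
	option dest 'lan'
	option dest_ip '192.168.1.50'
	option proto 'all'
	option target 'ACCEPT'
```

Because the printer is now in a different subnet, discovery protocols that rely on local broadcast or multicast will not cross the router; the phone has to address the printer by IP.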