I use my openwrt as my secondary router and need to block ports 22 and 80 from the principal router (my ISP). I want to block the access to my ISP router but not the internet out from my LAN.
@LilRedDog was referring to the idea of connections to the OpenWrt admin interface from the wan side...
So, to clarify your topology and your desired outcome, it sounds like you have:
Internet > ISP modem/router > OpenWrt router > client devices
and you want to prevent the client devices from reaching the admin interface of the ISP router? That's pretty easy to do...
You'll create a firewall rule that rejects all traffic to port 22 and port 80 from source zone lan to destination zone wan with an address specified for the ISP router's address (its own lan address).
The solution was adding a new rule in /etc/config/firewall where 55.55.55.55 is the IP address of my ISP router. With dest_port I selected the ports to be blocked separated with spaces.
```
config rule
	option name 'BlockMyISPRouter'
	option src 'lan'
	option dest 'wan'
	list proto 'tcp'
	option dest_port '80 443 20'
	option target 'DROP'
	list dest_ip '55.55.55.55'
```
P.S. You can add more "list dest_ip" addresses if you want to block other sites or equipment.
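An added example, not part of the thread and not OpenWrt's own tooling: a Python check, run over a copy of /etc/config/firewall, that reports which of the ports you intended to block toward the ISP router are not covered by any lan to wan DROP/REJECT rule. The sample input is the rule posted above; the function names are hypothetical, and rule ordering and negated (`!`) values are not modelled. With the rule as posted (ports 80 443 20), asking about 22 and 80 reports 22 as not covered.

```python
import shlex

# Constructed input: the rule posted above, as a copy of /etc/config/firewall.
SAMPLE = """
config rule
    option name 'BlockMyISPRouter'
    option src 'lan'
    option dest 'wan'
    list proto 'tcp'
    option dest_port '80 443 20'
    option target 'DROP'
    list dest_ip '55.55.55.55'
"""

def parse_rules(text):
    """Parse the 'config rule' sections of a UCI file into dicts of value lists."""
    rules, cur = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"]:
            cur = {} if tok[1:2] == ["rule"] else None
            if cur is not None:
                rules.append(cur)
        elif cur is not None and len(tok) >= 3 and tok[0] in ("option", "list"):
            # An option value may carry several space-separated items.
            cur.setdefault(tok[1], []).extend(tok[2].split())
    return rules

def expand_ports(specs):
    """Expand entries such as '80' or '8000-8010' into a set of ints."""
    ports = set()
    for spec in specs:
        lo, _, hi = spec.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def uncovered_ports(text, router_ip, wanted, proto="tcp"):
    """Return the wanted ports that no lan->wan DROP/REJECT rule for router_ip covers."""
    blocked = set()
    for r in parse_rules(text):
        if (r.get("src") == ["lan"] and r.get("dest") == ["wan"]
                and r.get("target", [""])[0].upper() in ("DROP", "REJECT")
                and router_ip in r.get("dest_ip", [])
                and {proto, "all"} & set(r.get("proto", ["tcp", "udp"]))
                and r.get("enabled", ["1"])[0] != "0"):
            # A matching rule without dest_port applies to every port.
            blocked |= expand_ports(r["dest_port"]) if "dest_port" in r else set(wanted)
    return sorted(set(wanted) - blocked)
```

Call `uncovered_ports(open("firewall").read(), "<router LAN IP>", [22, 80])` on your own copy of the file; an empty list means every requested port is matched by a blocking rule.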