I have 2 different VLANs: one is public and the other one is private. I already made a different firewall zone, and devices on the public VLAN can't even ping clients on the private VLAN, but if I try to access the private gateway from the public VLAN, I can reach the LuCI login menu, and of course I can also access LuCI on the public gateway.
My goal is to deny all LuCI gateway access from the public VLAN.
I'm not a command-line SSH expert, so I would like to achieve this using LuCI if possible.
It should be possible via Firewall >> Traffic Rules... Deny access to ports 80, 443, and 22 for SSH.
I'm running an isolated guest network (wired + Wi-Fi) for some clients and blocked LuCI, modem and SSH access via Traffic Rules. It's working fine here...
Edit: thank you, I had some trouble but now it works.
I have one last problem related to this: my LEDE router works under the ISP modem, and I can still access it from my public VLAN. I've tried to do the same for its IP in Traffic Rules, but it doesn't work. Any suggestions?
Is your ISP modem connected to the WAN port of your OpenWrt router?
I've blocked access to my bridged modem on my main router for the guest/public network, so I guess it should work for you as well.
If you truly want to isolate your public network clients, I would suggest taking a look at my rollercoaster thread about Wi-Fi + wired client isolation (in my case over two routers)...
I started with OpenWrt + Tomato and ended up with OpenWrt + OpenWrt.
In the end it finally worked out: "How to prevent Guest Network clients to communicate with each other?"
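
The two Traffic Rules discussed above (blocking LuCI/SSH on the router, and blocking the upstream modem), written as the `/etc/config/firewall` entries they correspond to. This is an added example, not configuration posted by anyone in the thread; the zone names `guest` and `wan` and the modem address `192.0.2.1` are assumptions to be replaced with your own.

```conf
# /etc/config/firewall -- added example.
# Assumed names: 'guest' = firewall zone of the public VLAN, 'wan' = zone of
# the port facing the ISP modem, 192.0.2.1 = placeholder for the modem's IP.

# Rule 1: router administration (SSH 22, LuCI 80/443).
# Traffic addressed to ANY IP the router itself owns, including the private
# gateway address, is handled as INPUT from the zone the packet arrived on.
# It is never "forwarded" to the private zone, so denying guest -> private
# forwarding does not cover it. A rule with 'src' and no 'dest' is an input rule.
config rule
	option name 'Guest-deny-router-admin'
	option src 'guest'
	option proto 'tcp'
	option dest_port '22 80 443'
	option target 'REJECT'

# Rule 2: the ISP modem is a separate host reached through the wan zone,
# so it needs a FORWARD rule (both 'src' and 'dest' set) matching its address.
# An input rule like rule 1 with the modem's IP would never match.
config rule
	option name 'Guest-deny-modem'
	option src 'guest'
	option dest 'wan'
	option dest_ip '192.0.2.1'
	option proto 'all'
	option target 'REJECT'
```

In LuCI the first rule is a Traffic Rule with the guest zone as source and "Device (input)" as destination; the second has the guest zone as source, the wan zone as destination, and the modem's address as destination address.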