How to create a firewall zone to separate servers and pc's

So my idea is to protect pc's and cellphones from the servers in a small company. In the case some servers get compromised, the other users can be less vulnerable. What can be done? Is there some tutorial about it?

Loads. Google is your friend.

Do you intend to use OpenWRT as part of your solution? This is a forum for OpenWRT.

1 Like

Yes, use the OpenWRT firewall for it.

In that case, configure firewall zones for the subnets (interfaces) pertaining to the devices whose traffic you want to control.

Then configure a set of rules to permit and deny the appropriate traffic between those zones.

Before you dive into setting up the zones and rules, I suggest working it out on paper first. Draw a diagram so you can work out what lives where and what it should be allowed to communicate with (or prevented from communicating with).

1 Like

Thanks for the advice, I need to study it a bit more.
Found an interesting video and would like to share with other users trying to achieve the same as me:


Excellent. Thank you both for doing some research and for coming back to share your results.

I see "iptables" in the still screenshot for that video. Be aware that the latest OpenWRT uses nftables, not iptables.

Depending on the content of that video (I haven't watched it), this might not be an issue. OpenWRT abstracts the firewall from the operator, so the distinction is only important if you need to edit iptables/nftables rules directly rather than by using LuCI/UCI/etc/config/firewall.


There is also a tutorial for the same thing the video describes.
Since we are talking about servers, the access is going to be wired, so you'll also need to add some port on the new interface for the DMZ (or SRV) interface.

1 Like

Thnaks, indeed yesterday I created a ghest zome from an old tutotrial as described here:

Still have not found something to create a specific firewall network only for servers...ideally with wlan off and with necessary ports open for each server.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.