I have a couple of zones. LAN, WAN, VPN.
The LAN is used both by ethernet cable and wifi via a bridge.
The WAN is nothing special, just a standard WAN.
The VPN is going to our cloud service provider so that we can access our servers' internal IP addresses. All this is in place.
In the firewall I have the following zone forwardings:
General settings: Input=Output=Forward=Reject
LAN > WAN, VPN Input=Accept, Output=Accept, Forward = Reject
WAN -> Reject Input=Reject, Output=Accept, Forward = Reject
VPN -> LAN Input=Accept, Output=Accept, Forward = Reject
Now to the question. The servers in the VPN are a bit sensitive, so I would like to have an extra restriction so that only certain computers on the LAN can access this zone. Is this possible? Preferably there would be some kind of authentication (like OpenBSD, which has authpf over ssh).
As a last resort maybe I could limit access using the MAC address of the computer.
Is something like this possible with OpenWRT?
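
The MAC-based last resort described in the post could be written in `/etc/config/firewall` roughly as below. This is an added example, not part of the original post: the lowercase zone names `lan`, `wan` and `vpn` are assumed, and the MAC addresses are constructed placeholders.

```uci
# /etc/config/firewall (excerpt), added example with assumed zone names

# LAN may still reach the WAN through a normal zone forwarding.
config forwarding
	option src 'lan'
	option dest 'wan'

# VPN -> LAN forwarding kept as described in the post.
config forwarding
	option src 'vpn'
	option dest 'lan'

# There is deliberately no "forwarding" section for lan -> vpn.
# Without it, LAN traffic towards the VPN zone falls through to the
# global forward policy (Reject in the post's general settings).

# Only the listed hosts may forward from LAN into the VPN zone.
# The MAC addresses are constructed placeholders.
config rule
	option name 'Allow-selected-LAN-hosts-to-VPN'
	option src 'lan'
	option dest 'vpn'
	option proto 'all'
	list src_mac '00:00:5E:00:53:10'
	list src_mac '00:00:5E:00:53:11'
	option target 'ACCEPT'

# A MAC address can be set by any host on the LAN, so this rule
# filters by claimed hardware address; it does not authenticate a user.
```

After editing the file, the firewall has to be reloaded for the change to take effect.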