Restrict WiFi (for sharing)

I want to share my WiFi with many people. Now I already set up separate VLAN (aka guest network).

Now I need to do following only on guest network:

  • Block all 18+ crap
  • Block VPN (if not possible separately, block everything that are not connection to websites)
  • Block search between devices
  • Shape speed (10 Mb/s)

Can you help me with this?

Install adblock, but use a xxx site list.

There are IP lists for this, you can use them with banip,
or just block the standard VPN ports, or both.

Enable client separation.

Per client, or grand total ?

For now I enabled family DNS but it seems not really good as it affects search too. Can you share such list?

Is there any list?

Where to search toggle?

Per client

Googled, haven't "tried" them ,)

Google it, but
OpenVPN: UDP 1194
Wireguard: UDP 51820

"Client isolation", advanced settings in the general tab, of the SSID.

You could install the QoS scripts, but they're reactive, meaning they will allow the clients to go above the set speed limit for a split second, before they cap it.

There is also nft-qos and luci-app-nft-qos

1 Like

Those were the ones I was thinking of, but was too lazy to look up, thnx!

Thank you. This works!

Tunnelbear works even after block :frowning:

Done! Thanks!

Thanks!

Also see:

You can set your WAN DNS server for these to provide blocking for your entire network, or assign them via DHCP Option No. 6 on the Guest VLAN.

Might be harder to block, unless you do packet inspection, you'll have to google it.

Check if the VPN IP list work here, using the banip package.

1 Like