The default seems to be to allow login access to the router via http (ethernet and WiFi) and SSH (WAN and LAN). I would prefer to limit login access to only the physical LAN ports via the ethernet ports (ie, no access form the WAN and no access from the LAN WiFi connections).
If I change Dropbear to only listen to the LAN, that prevents login access from the WAN (good!).
What can I change to only allow login acces from the LAN ethernet ports and not the LAN WiFi clients?