Simple traffic firewall rule not working

Hi
I'm pretty new to OpenWRT and its features and I'm kinda stuck on this one. At home I have a lot of IoT devices. I want to keep them isolated from the main network. I have them all connected to one Router/AP. Here is a picture that explains how my network is set up:

I've tried isolating them from the main network by adding a single traffic rule that blocks all traffic from the IoT Router's IP (10.0.2.1) to all other devices in the LAN interface, but for some reason it's not working. I've tried changing the action between "reject" and "drop", changing the source zone, and placing the rule at the top and at the bottom of the list, but no luck.

I know that the rule is not working because when I connect my laptop to the IoT router, I can still access my Home Server.

If you can help me find the issue I'll be really thankful :slight_smile:


Here is the rule itself

The main network and the IoT one are connected at layer 2, whatever rule you create in the firewall. You need to create VLANs to isolate them at layer 2, then isolate at level 3 using firewall rules.

I know that VLANs are the best solution for this, but at the moment I don't have a managed switch, and on top of that the device that I'm using with OpenWRT isn't really good. Isn't there any chance to block all traffic from one specific IP? I will be upgrading most of the gear in the near future.

You can't block at L2 if you're using a flat network. If VLANs are not an option right now (hint: you might be able to achieve this now, but more info would be needed), you can block at L3 using the firewall in the IoT AP/router device.

On that IoT router, you will set up a rule on the IoT's LAN that drops all traffic to the main network.

If you want to explore the VLAN option, this may be possible if you can connect the IoT AP directly to the OpenWrt router (i.e. not through the unmanaged switch). Then you can use OpenWrt's firewall to perform the block.
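As an added example (not from anyone in this thread), here is what the L3 block on the IoT router itself looks like, for the reason given above: traffic between the IoT router and the home server never passes through the main OpenWrt router's firewall, because both sit on the same layer-2 segment behind the unmanaged switch, so the rule has to live on the device the IoT clients actually route through. The script assumes the IoT router runs OpenWrt, that its IoT-side network is zone `lan` and its uplink into the main LAN is zone `wan`, and that the main LAN is `10.0.2.0/24` (inferred from the 10.0.2.1 address in the first post; adjust `MAIN_LAN_NET` if yours differs). It prints every `uci` command and only executes them when `uci` exists, so it can be read or dry-run anywhere.

```shell
#!/bin/sh
# Added example: reject forwarded traffic from IoT clients to the main LAN
# on the IoT router (assumed to run OpenWrt), leaving internet access alone.
# MAIN_LAN_NET is an assumption based on the 10.0.2.1 address in the thread.
MAIN_LAN_NET="${MAIN_LAN_NET:-10.0.2.0/24}"

# Print each uci command and run it only where uci exists (i.e. on OpenWrt).
# Elsewhere the script just shows what would be configured.
uci_cmd() {
    echo "uci $*"
    if command -v uci >/dev/null 2>&1; then
        uci "$@"
    fi
}

# Forwarding rule: src zone lan -> dest zone wan, destination inside the
# main LAN, target REJECT. Internet-bound traffic (any other destination)
# still matches the default lan -> wan forwarding and keeps working.
# REJECT gives IoT clients an immediate error; use DROP for a silent timeout.
iot_block_rules() {
    uci_cmd set firewall.iot_block_main=rule
    uci_cmd set firewall.iot_block_main.name='Block-IoT-to-main-LAN'
    uci_cmd set firewall.iot_block_main.src='lan'
    uci_cmd set firewall.iot_block_main.dest='wan'
    uci_cmd set firewall.iot_block_main.dest_ip="$MAIN_LAN_NET"
    uci_cmd set firewall.iot_block_main.proto='all'
    uci_cmd set firewall.iot_block_main.family='ipv4'
    uci_cmd set firewall.iot_block_main.target='REJECT'
    uci_cmd commit firewall
}

# Apply the rules and reload the firewall (the reload is a no-op off OpenWrt).
apply_iot_block() {
    iot_block_rules
    if command -v uci >/dev/null 2>&1 && [ -x /etc/init.d/firewall ]; then
        /etc/init.d/firewall restart
    fi
}

apply_iot_block
```

After applying it, check from a laptop on the IoT side that the home server no longer answers (for example a ping or a browser request to its address times out or is refused) while an internet site still loads. Two caveats: this is a forwarding rule, so it does not stop IoT clients from reaching the IoT router's own management interface (that is the `input` side of the `lan` zone), and it only holds as long as the IoT router is the sole path from those devices into the main LAN, which is exactly why the VLAN route is the cleaner long-term fix.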
