[Solved] Block Secondary Router Accessing Primary Router Address Range LEDE/OpenWrt

Hi all, first-time poster, long-time reader.

I am trying to achieve a standalone router running an OpenVPN server so that I can log into this router and access only devices connected to this router.

My current setup has my primary ISP-provided router with standard firmware, address range 10.0.0.0; the secondary router is a Linksys WRT1900ACv2 with OpenWrt/LEDE installed, address range 192.168.1.0.

I have set up the OpenVPN server on the Linksys using the openwrt.org guides and everything is working fine; I can connect from inside and outside my network.

I would like the Linksys to be isolated from my ISP router except for the ISP router login page (10.0.0.138) and the Internet. Currently, if I am connected through the Linksys (VPN or local), I can access all my ISP router IP addresses.

I added the following to my Linksys firewall. It is not quite what I was trying to achieve, but close enough:

config rule
        option name 'Block_Primary_Router'
        option dest 'wan'
        option proto 'all'
        option src '*'
        option dest_ip '10.0.0.0/24'
        option target 'REJECT'

Thanks

You could add an allow rule for the one login page IP you want to allow before the deny rule. I think that would do everything you asked for.

Thanks for that, works well.

If your problem is solved, please consider marking this topic as [Solved].
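
The allow-before-deny ordering suggested in the reply, written out as an added example for /etc/config/firewall (not posted by anyone in the thread). The rule name 'Allow_Primary_Router_Login' is made up, and TCP ports 80 and 443 are an assumption about where the ISP router serves its login page.

```uci
# Added example, not from the thread.
# The firewall applies rules in the order they appear in this file and the
# first match wins, so the ACCEPT for the login page must sit above the REJECT.

config rule
        option name 'Allow_Primary_Router_Login'   # made-up name
        option src '*'
        option dest 'wan'
        option dest_ip '10.0.0.138'                # login page address from the post
        option proto 'tcp'
        option dest_port '80 443'                  # assumed HTTP/HTTPS admin ports
        option target 'ACCEPT'

# Original rule from the post, unchanged: everything else in the
# primary router's range is rejected.
config rule
        option name 'Block_Primary_Router'
        option dest 'wan'
        option proto 'all'
        option src '*'
        option dest_ip '10.0.0.0/24'
        option target 'REJECT'

# Apply with: /etc/init.d/firewall restart
```

To check the result from a client behind the Linksys (local or VPN), confirm that the page at 10.0.0.138 still loads and that connections to any other 10.0.0.x address are refused.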