I created a firewall rule to prevent a device from connecting to the wan. Here is the rule:

    config rule
        option name 'HS200StudioOutsideBlock'
        option dest 'wan'
        list src_mac '02:0F:B5:EE:9B:F1'
        option src '*'
        option target 'REJECT'
        list src_ip '10.10.10.218'
The rule is fine, just tested locally here and it works as expected.
@pluffmud - the firewall will not cut already established connections when applying the rule initially, see if it becomes effective after an echo f > /proc/net/nf_conntrack
Also note that without any specified proto, the rule will default to tcp and udp but not icmp or other protocols. I suggest adding an explicit option proto all as well.
Explicitly setting the src zone to be 'lan' seems to have made it work. I don't understand why, because 'lan' is in the set of the 'ANY' zone, is it not? Perhaps I am misinterpreting what the option src '*' is doing.
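A small audit script for the proto pitfall raised above, added here as an example and not part of the thread: it scans a UCI firewall config for REJECT/DROP rules that carry no proto line, so they silently match only tcp and udp. The config in the demo is constructed (the first rule mirrors the one posted, the second adds proto all).

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenWrt /etc/config/firewall
# for REJECT/DROP rules without "proto"; such rules match only tcp and udp,
# so icmp and other protocols still reach the blocked destination.
# The config written by demo() is constructed sample data.

# Print the name of every "config rule" with target REJECT or DROP and no
# "option proto"/"list proto" line. Argument: path to a UCI firewall config.
find_rules_without_proto() {
    awk '
        function report() {
            if (in_rule && (target == "REJECT" || target == "DROP") && !has_proto)
                print (name == "" ? "(unnamed rule)" : name)
        }
        $1 == "config" {
            report()
            in_rule = ($2 == "rule"); name = ""; target = ""; has_proto = 0
            next
        }
        in_rule && ($1 == "option" || $1 == "list") {
            val = $0
            sub(/^[ \t]*(option|list)[ \t]+[^ \t]+[ \t]+/, "", val)
            gsub("\047", "", val)            # strip the UCI single quotes
            if ($2 == "name")   name = val
            if ($2 == "target") target = val
            if ($2 == "proto")  has_proto = 1
        }
        END { report() }
    ' "$1"
}

# Stand-alone demo on a constructed config; only the first rule is flagged.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
config rule
    option name 'HS200StudioOutsideBlock'
    option dest 'wan'
    option src 'lan'
    option target 'REJECT'
    list src_ip '10.10.10.218'

config rule
    option name 'HS200StudioOutsideBlockFixed'
    option dest 'wan'
    option src 'lan'
    option proto 'all'
    option target 'REJECT'
    list src_ip '10.10.10.218'
EOF
    find_rules_without_proto "$tmp"   # prints HS200StudioOutsideBlock
    rm -f "$tmp"
}

demo
```

Run it against the router's own /etc/config/firewall (`find_rules_without_proto /etc/config/firewall`) after reloading the firewall and flushing conntrack, since established flows are not cut by a newly applied rule.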