[SOLVED] Secure modem access

fantom-x · July 5, 2018, 4:27am

I have set up access to my modem via the router and it is all working fine, but I noticed that even my guest networks can access it by IP. I set it all up as below: is there a way to limit modem access only from a trusted network/interface?

config interface 'modem'              
        option proto 'static'         
        option ifname 'eth0.2'        
        option netmask '255.255.255.0'
        option ipaddr '10.X.X.X'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'
        option network 'wan wan6 modem'

Kherby · July 5, 2018, 4:51am

How about:

config rule
	option name 'Deny Modem Access'
	option proto 'all'
	option src 'YOUR GUEST INTERFACE NAME'
	option dest_ip '10.X.X.0/24'
	option target 'REJECT'
	option dest 'wan'

With this rule none of my guest clients can access my modem gui, telnet or ssh.

fantom-x · July 5, 2018, 11:59am

Thank you; it worked.

tmomas · July 11, 2018, 11:59am

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.