I have 2 routers, 1 is a ISP modem/router with a home network with printers and a Pi etc., and 1 is a OpenWRT router connected to a Wireguard VPN via the ISP modem/router.
Setting up Wireguard was easy thanks to this step by step guide. However, when a computer is connected to the OpenWRT router it can't access the ISP modem/router anymore. I want to allow 1 computer with the MAC address *************** to access IPs 192.178.1.1 -- 192.178.1.255. Would the following firewall rule do what I want without creating a security problem?
How is the computer connected to the OpenWrt router? Ethernet/Wifi, or via Wireguard?
First, this is wrong -- it should be 192.168.1.1 - 192.168.1.254, or more generically, 192.168.1.0/24
It isn't clear to me if you are trying to allow a specific computer that is connected via WG to access the upstream modem+router, or if it is connected via ethernet/wifi locally. Over WG, the MAC address will not be an option, but you could limit via IP address. Locally, this will can be done.
Take another look at your rule -- you have 192.178.1.1 which is incorrect (maybe it is supposed to be 192.168.178.1, but you have a typo if that is the case).
What you'll want to do with the firewall is to create a rule that allows the computer with the permitted MAC address to access the 192.168.178.0/24 network, and then drop all others attempting to access that network.
Would this allow only the permitted MAC address to access the 192.168.178.0/24 network?
If I understand it correctly then "drop" means that traffic is not allowed except when there is an explicit rule that allows it. Could I create a second "forward rule" where the "Source MAC address" is "any" instead of "***************" and where the "Action" is "drop" instead of "accept"?
Also, would a rule "drop" be necessary? Right now, a computer connected to the Wifi of the OpenWRT router can't access the 192.168.178.0/24 network.
The rule you showed should, in theory, allow the specific system to connect to the upstream network. A second rule with the action drop would be necessary (and the order matters).
If things aren't working, please post the following files (ssh into the router and use the cat command; copy and paste into a reformatted text block):
/etc/config/network
/etc/config/firewall