OpenWrt Forum Archive

Topic: Prevent forwarding traffic within the same zone/interface

The content of this topic has been archived on 10 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello.

I have an interface (the standard interface) 'LAN'. My smartphone and computer are connected via Wifi to this interface. How can I prevent forwarding packets between clients that are connected to this interface? For example:

Computer 1 with IP 192.168.1.3 listens on port 6789
On Computer 2 I can access Computer 1 on 192.168.1.3:6789 or I can ping this IP.

I don't want it to be possible that computers connected on the same interface can communicate with each other. How can I prevent this?

Setting up a firewall rule:

config rule
        option name 'testrule'
        option src 'lan'
        option dest 'lan'
        option proto 'all'
        option target 'DROP'
        option enabled '1'

did not work.

See wireless interface settings and the 'isolate' option.

To fully utilize it, you might need to dismantle the connection bridging between the local wired network (eth0 etc) and the wireless network, if there currently is one. I'm not sure if the 'isolate' option works correctly if the networks are bridged together.
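
Added example, not part of the original thread: the 'isolate' option mentioned above is set per wifi-iface section in /etc/config/wireless (option isolate '1') and applies to AP mode, where the access point itself stops relaying frames between its clients. The check below lists AP sections that do not have it enabled; the function names and the sample config are constructed for illustration.

```shell
# Added example: list AP-mode wifi-iface sections without client isolation.
# audit_isolate and sample_config are hypothetical names; the sample is constructed.
audit_isolate() {   # $1 = UCI wireless config (/etc/config/wireless on a router)
    awk -v q="'" '
    function unq(v,   c) {              # strip one pair of matching outer quotes
        c = substr(v, 1, 1)
        if ((c == q || c == "\"") && substr(v, length(v)) == c) v = substr(v, 2, length(v) - 2)
        return v
    }
    function value(line) {              # text after "option <name>", unquoted
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        return unq(line)
    }
    function report() {                 # print the finished section if it is an open AP
        if (in_iface && opt["mode"] == "ap" && opt["isolate"] !~ /^(1|on|true|yes|enabled)$/)
            printf "%s ssid=%s network=%s\n", name, opt["ssid"], opt["network"]
    }
    $1 == "config" {
        report(); split("", opt)        # close previous section, clear its options
        in_iface = ($2 == "wifi-iface")
        if (in_iface) { name = ($3 == "") ? "@wifi-iface[" (n + 0) "]" : unq($3); n++ }
        next
    }
    in_iface && $1 == "option" { opt[$2] = value($0) }
    END { report() }
    ' "$1"
}

sample_config() {   # constructed sample, not taken from the forum thread
    cat <<'EOF'
config wifi-iface 'default_radio0'
    option network 'lan'
    option mode 'ap'
    option ssid 'OpenWrt'
config wifi-iface 'guest'
    option network 'guest'
    option mode 'ap'
    option ssid 'Guest Net'
    option isolate '1'
config wifi-iface
    option network 'iot'
    option mode 'ap'
    option ssid "IoT Devices"
    option isolate '0'
EOF
}

f=$(mktemp) && sample_config > "$f" && audit_isolate "$f"; rm -f "$f"
```

Empty output means every AP section has isolation enabled. Wired clients and clients on other radios bridged into the same network are not covered by this option.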

The discussion might have continued from here.