As per the title, no additional rules are allowed for traffic from guest zone to wan but no restrictions have been implemented if there are other routers after the wan interface.
Please implement an additional rule to the documentation https://openwrt.org/docs/guide-user/network/wifi/guestwifi/start
Keep in mind to limit outgoing traffic from the guest zone to only internet traffic, so that it cannot send packets to other routers present in the wan.
Personally, I have created a new rule that blocks traffic to private networks (perhaps there are valid alternatives to this, but I am not aware of them).
Attached is a standard rule to add (if considered optimal and functional to the needs).
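```
# Remove any earlier copy of the rule, then recreate it.
# uci expects key=value as a single argument, with no spaces around "=".
uci -q delete firewall.guest_private
uci set firewall.guest_private="rule"
uci set firewall.guest_private.name="Drop forward guest zone to private nets"
uci set firewall.guest_private.src="guest"
uci set firewall.guest_private.target="DROP"
uci set firewall.guest_private.family="ipv4"
uci set firewall.guest_private.dest_ip="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
uci set firewall.guest_private.dest="*"
uci set firewall.guest_private.proto="tcp udp icmp"
# Save the change and reload the firewall so the rule takes effect.
uci commit firewall
/etc/init.d/firewall restart
```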