Access restrictions list

[DJones]

Access restrictions list; Anyways to make this list more the the limit of 4? Suppose Merlin might say it’s hardcoded that way, although I’ve had it bug out before and have 5, had to clear the whole list to replace one of them.

Not 100% sure why it bugged out but I have a feeling it’s because Diversion was added to the list when I installed it because it had a 192.168.1.2 ip and I don’t recall setting any devices as that. (Can’t now anyways because it’s outside the ip range)

 

[jtp10181]

What access restrictions list? Where is it in the menu? Or screenshot? I am trying to think of a page that limits to just 4 entries and cannot think of anything.

 

[DJones]

What access restrictions list? Where is it in the menu? Or screenshot? I am trying to think of a page that limits to just 4 entries and cannot think of anything.

( Administration- System ) Personally I’d like to have more then 4 devices have access least 5 or 10 max

 

[bennor]

What access restrictions list? Where is it in the menu? Or screenshot? I am trying to think of a page that limits to just 4 entries and cannot think of anything.

In the Asus-Merlin GUI, navigate to: Administration > System > Remote Access Config > Enable Access Restrictions. Select Yes for Enable Access Restrictions and the Access restrictions list should appear indicating Max Limit: 4. The tooltip info for Enable Access Restrictions is the following: "This feature allows you to restrict access to the wireless router via "Web UI" / "SSH" / "Telnet" to only specified IP addresses and networks from WAN (if Enabled) or LAN sides. "Telnet" access from WAN side is forbidden."

 

[jtp10181]

Ah, I have never used that feature. Are you worried that someone on your own local network is going to brute force your password and hack into your router interface? I could see using that if WAN access was enabled, but in both shots WAN is disabled so it should be local only.

 

[DJones]

Ah, I have never used that feature. Are you worried that someone on your own local network is going to brute force your password and hack into your router interface? I could see using that if WAN access was enabled, but in both shots WAN is disabled so it should be local only.

Nah, just a added piece of random security I chucked on could leave it off and never have a issue; they likely leave it at 4 for even more security so you have less devices that have access to your routers interface, but I don’t see that really being a issue unless theirs some unusual circumstance like someone guest shares their internet or something in a environment like a hotel or business and some nut try’s to brute-force their way into the interface.

The setting I turned it on when I setup my VPN tunnel but since that’s encrypted theirs really nothing to worry about in that sense, but for those that turn it on for whatever reason is a limit of 4 really necessary?

 

[jtp10181]

Something else I was looking at recently was people talking about the DHCP restriction, some models only support 64 and others 128. Looked like the reason for this was NVRAM storage space (for the config variables to be saved). There is a script that moves the DHCP config over to a JFFS file so you can go higher than 64. I would guess the restriction here is for the same reason, they cannot make it unlimited due to NVRAM space being limited, so someone decided a reasonable person would not need more than 4, thus the limit was set.

Now, if it is determined what config file those restrictions go into when the router boots and builds its configs, you could probably put in a user script to add more on without the limit in the GUI. Since it is restricting access to multiple services my guess would be it is an iptables rule that gets put in, and if that's the case you could easily just copy the rule into a firewall script and then add as many copies of the rule as you wanted with different IP's to allow through.