What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Feature Request: "Guest" Wireless Intranet ONLY

P

Potato Sack

New Around Here
Merlin,

Thanks for what you do - great firmware, rock solid. I'm wondering if there's a possibility you could add a third option to the Guest Wireless feature.

Basically, I want the option of a Guest Wireless network that can access the internal network, but NOT the internet. Bonus points if you could firewall certain ports and IPs between the untrusted guest network and the trusted network.

I have some devices on my network that I explicitly don't want to talk to the internet for any reason (think IP cameras with suspect Chinese firmware), and I think this would be a good compromise.

Happy to donate for your time!

Thanks!
 
Try creating a rule for that camera's IP under Firewall -> Network Services Filter, blocking ports 1:65535.
 
RMerlin said:
Try creating a rule for that camera's IP under Firewall -> Network Services Filter, blocking ports 1:65535.
Click to expand...

Does this block the "ping" command?

If not, is it possible to stop pings through the GUI?
 
Nullity said:
Does this block the "ping" command?

If not, is it possible to stop pings through the GUI?
Click to expand...


This was actually going to be my next question. The Network Services Filter is OK for making broad rules (blocking 1:65535 on either TCP or UDP), but a little short on doing other things, like:

1) blocking ICMP (this has to be done globally, not per-IP)
2) Adding an exception for certain other types of communication (block everything outbound except NTP, or block everything except to one specific internal IP)
3) Adding more than one type of rule per IP

etc.

I suppose you could start mucking with iptables via CLI, but not sure how to make those changes persist.
 
You must log in or register to reply here.

Similar threads

T
GT BE98 Pro Guest Network Cannot Disable Intranet Access
Replies
3
Views
431
bennor
B
G
Access webserver on lan synology from guest network on AX88u router
Replies
1
Views
503
grottoguy
G
F
Solved IoT's and Intranet
Replies
16
Views
3K
pjd50
P
V
Guest Network - RP-AX58 & RT-AX58U
Replies
1
Views
519
Valyno
V
vlord
gnMerlin - Guest Network Isolation
Replies
4
Views
1K
tnkrer
T
Similar threads
Thread starter Title Forum Replies Date
D Feature request: Two factor authentication web login. (TOTP) Asuswrt-Merlin 8
M [🙏 Feature request For Asus Merlin] Add Public WiFi Mode for GT-AX11000 Asuswrt-Merlin 7
G Feature request: firewall url filter log Asuswrt-Merlin 0
Q [Feature Request] Schedule DoS Protection state and/or whitelist option Asuswrt-Merlin 5
mekki Solved UPDATE: No longer required. See thread. - [Feature request] Option for DHCP Query Frequency Backoff Mode Asuswrt-Merlin 76
F Several Questions Re:Asuswrt-Merlin Feature Implementation Asuswrt-Merlin 2
L Feature suggest: web notifications Asuswrt-Merlin 1
cyruz Reversing the web node reboot feature Asuswrt-Merlin 0
S GT-BE98 Version Request Asuswrt-Merlin 9
K Request for v2ray installation training on RT-AC5300 router Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 640 (members: 19, guests: 621)
Back
Top