Hi guys, sorry for just jumping into a conversation, and thanks so much to all the people answering and asking questions, and, of course, Merlin. Also, so many great scripts are available here or on their sites, I think from lonleycoder and others (I forgot the other names right now). I've learned a lot by browsing the site.
Maybe, could anyone tell me how to best configure a guest network for possibly infected devices with YazFi (which maybe adds an extra layer of security, I read somewhere on here), so any malware wouldn't spread across the main network or that someone could use the malware to break in and alter the system on the AC? By the way, is there something like a NIDS or HIDS for Asuswrt-Merlin? And would a simple factory reset set all malicious changes back to a secure machine, or do I need to do a nuclear reset? Or can they dig deep into the system, like a kernel infection? A nuclear reset probably wouldn't help in this situation and would make the infection permanent, right?
I use an AC68U; I will probably upgrade to an AC86U. Normally, I think, one has to use a switch, an extra firewall (possibly a mini PC or alike) and a wireless AP, then connect it to the main network, but I'm not sure if I would need a switch in my small network. I'm planning on using a mini PC as a firewall (Sophos or pfSense?) to make my network more secure.
(Reason I'm so security conscious: someone broke into my network some time ago. I infected my notebook at an unsafe place (the notebook itself didn't directly show any signs of infection, but there were other signs (I don't want to go into details, because the breach "revealed" itself IRL, which caused a lot of distress)), and when I connected it to a switch to record the traffic, it sent and received packets from IPs (I cannot remember, should have noted it somewhere) that are listed as possibly dangerous on abuseip[.]com. I tried to find out the malicious IPs through tcpdump (but that is, I think, not how this kind of thing is usually handled) and block them through ipset/iptables, but my knowledge is not enough to find out all possible IPs (I mean, I could block everything from typical hosting providers that would also provide computing time), since they could be hiding behind a normal Google/Amazon IP, right? If they'd rent something like cloud computing time, I think (I could be wrong here, though), or they broke into someone's private PC and use their IP.)
I hope it is OK that my first post is a question. I'm not very used to posting in forums, and sorry for my lack of knowledge.
Oh, and client isolation would probably also be good for security, like chenks asked (what exactly is meant by two/one-way communication: that a device could just communicate with others but they cannot establish a session?).
Thank you, guys.