idahomili.blogg.se

Iptables -t nat -I POSTROUTING -s 10.8.100.0/24 -o $(get_wanface) -j MASQUERADE Iptables -I INPUT -i br1 -p tcp -dport 80 -m state -state NEW -j REJECT #iptables -I FORWARD -i br0 -o br1 -m state -state NEW -j REJECT #iptables -I FORWARD -i br1 -o br0 -m state -state NEW -j REJECT # isolated both interfaces from each other Iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE

Iptables -I FORWARD -m state -state RELATED,ESTABLISHED -j ACCEPT Iptables -D FORWARD -m state -state RELATED,ESTABLISHED -j ACCEPT Iptables -I FORWARD -i br0 -o br+ -j ACCEPT # optional Iptables -I FORWARD -i br1 -o br0 -p udp -d 192.168.49.1 -dport 53 -j ACCEPT Iptables -I FORWARD -i br1 -o br0 -p tcp -d 192.168.49.1 -dport 53 -j ACCEPT # Give br1 access to pi-hole/allow access to br1 from br0 but not the other way. No wireless on router using 4 x Mesh BT discs.Įverything seems to work as i hoped except my VLAN clients are able to see each other and i didn't want this, but i want access from my LAN to VLAN (this seems to work fine).Īs you can see below i have tried to isolate the VLAN clients from seeing each other but currently rules #'ed out as these didn't work. Pi-hole DNS server on 192.168.49.1 Pi-hole used for both LAN & VLAN DNS. Running OVPN server and commercial client.ġ x VLAN / br1 with 2 x AP for IoT - 192.168.59.1/24

I would really appreciate some help regarding my firewall rules. Posted: Fri 9:42 Post subject: Firewall rule help required to isolate vlan clients