All
mixed setup of +25 notes with all only having ONE WLan interface, AP bridge, bridge-interface, static WDS, RSTP (used HWMPplus over the past 2 years - dropped it - ;-(

most of them act as repeaters/access points, same SSID, same frequency, ending on a wired 450G router used as hotspot/gateway.

Now all is stable, though, I am concerned and not experienced enough of how to 'secure' each AP with bridge firewall rules so nobody can flood the system and take the system down. I can not confirm such happened while running HWMPplus.

i have lots of 'foot' prints, bringing the registered hosts up to 300 easy each day. I have authenticated 'guests' spending average 7 days around the wifi hotspot.

I have queue bandwidth limitations on the hotspot implemented to control access for authenticated users to the internet on hotspot.

Though, my prime concern is the foot traffic, able to access the 'internal' system without authentication. What do you suggest I do?

What firewall rules would you implement on each ap bridge? is it necessary to implement firewall rules?

Thanks a lot for your time reading all this and I am so much wishing I would be closer living to MUM; Melbourne again, still f 20h travel, welcome to paradise, which it is, but soo far away of MUM's.

M