Disable access to router from wireless

WDS · November 10, 2015, 3:11pm

Could you please help me with one task? It sounds pretty simple, but Google finds nothing. I need to disable access to the router (WinBox, WebFig) from the wireless interface.

How to achieve this most correct assuming I have router configuration near to factory default?

I know I can make a separate IP pool for the wlan1 and then leave access to WebFig/WinBox limited to another subnet only, but I think there should be more simple way.

Also tried to create firewall rule, but it throws error that wlan1 is the slave interface and cannot be monitored directly.

Many thanks in advance!

jarda · November 11, 2015, 4:33pm

If the wlan is in bridge, activate the bridge firewall and drop packets going in to specific ip/port from wlan interface of the bridge.

WDS · November 12, 2015, 6:43am

Thank you Jarda! Actually this is what I also came to while my initial post was on moderator’s approval here. Dropping packets in the input chain coming through wlan1 to IP of the router to WebFig and WinBox ports. Works as expected.

I did not know before there is a dedicated firewall part for the bridge.

jarda · November 12, 2015, 8:42am

Nice. There are many options everywhere so it can easily make someone mad if he tries to understand everything at once. I am still learning new things in ros even I neglect some huge areas that I don’t need to use so far.