Question: How to Isolate network

Hello,

I have set my hAP ac lite to work as a DHCP server, while bridging Ethernet 1-5 together with WLAN 1-2, so that all of the devices are able to communicate with each other inside my own home network. My home network is connected to another network (Ethernet 1), which serves as the internet access and the home network of the owners who rent my apartment. I would like to isolate my home network, so that I am unable to access their network and vice versa.

Supposedly the trick is to add a firewall rule to drop all connections, but wouldn’t that drop the internet traffic as well?

Assuming the host gateway is: 192.168.178.1
And my gateway is: 192.168.190.1
Would the following config work?

ip firewall filter add chain=forward src-address=192.168.178.1/24 dst-address=192.168.190.1/24 action=drop
ip firewall filter add chain=forward src-address=192.168.190.1/24 dst-address=192.168.178.1/24 action=drop

Hello Adephx, your rules seem to be good. If you can't make it work with your rules, try this code:

192.168.178.0/24 is your WAN network (Connected to your Ether1)
192.168.190.0/24 is your LAN network (Bridged)

/interface bridge settings set use-ip-firewall=yes
/ip firewall filter add chain=forward src-address=192.168.190.2-192.168.190.254 out-interface=ether1 action=drop comment="Drop outgoing connections from 192.168.190.0/24 except 192.168.190.1"
/ip firewall filter add chain=forward src-address=192.168.178.2-192.168.178.254 in-interface=ether1 action=drop comment="Drop Incoming connections from 192.168.178.0/24 except 192.168.178.1"

See here.
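
An added example, not part of either post: a small Python model of first-match evaluation in the forward chain, run over the rules from the question and from the reply to show which traffic each set drops, internet-bound traffic included. The three packets are constructed; the host addresses, the interface name `bridge` and the destination 203.0.113.5 are assumptions, and NAT and connection tracking are not modelled.

```python
import ipaddress

def addr_in(addr, spec):
    """True if addr matches a RouterOS-style address spec (CIDR or first-last range)."""
    if spec is None:                      # matcher not set on the rule: matches anything
        return True
    ip = ipaddress.ip_address(addr)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-"))
        return lo <= ip <= hi
    # strict=False: 192.168.178.1/24 is read as the 192.168.178.0/24 subnet (assumption)
    return ip in ipaddress.ip_network(spec, strict=False)

def verdict(rules, pkt):
    """First matching rule wins; a packet that matches no rule is accepted."""
    for r in rules:
        if (addr_in(pkt["src"], r.get("src")) and addr_in(pkt["dst"], r.get("dst"))
                and r.get("in_if") in (None, pkt["in_if"])
                and r.get("out_if") in (None, pkt["out_if"])):
            return r["action"]
    return "accept"

# Rules from the question: subnet to subnet, both directions
QUESTION_RULES = [
    {"src": "192.168.178.1/24", "dst": "192.168.190.1/24", "action": "drop"},
    {"src": "192.168.190.1/24", "dst": "192.168.178.1/24", "action": "drop"},
]
# Rules from the reply: address range plus interface, no dst-address
REPLY_RULES = [
    {"src": "192.168.190.2-192.168.190.254", "out_if": "ether1", "action": "drop"},
    {"src": "192.168.178.2-192.168.178.254", "in_if": "ether1", "action": "drop"},
]
# Constructed sample packets as the forward chain would see them
PACKETS = {
    "lan_to_host_net": {"src": "192.168.190.10", "dst": "192.168.178.20",
                        "in_if": "bridge", "out_if": "ether1"},
    "host_net_to_lan": {"src": "192.168.178.20", "dst": "192.168.190.10",
                        "in_if": "ether1", "out_if": "bridge"},
    "lan_to_internet": {"src": "192.168.190.10", "dst": "203.0.113.5",
                        "in_if": "bridge", "out_if": "ether1"},
}

def evaluate(rules):
    """Return {packet name: action} for every sample packet."""
    return {name: verdict(rules, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("question", QUESTION_RULES), ("reply", REPLY_RULES)):
        print(label, evaluate(rules))
```

In this model the question's rules drop only traffic between the two subnets, while the reply's first rule has no dst-address and so also matches LAN traffic leaving ether1 for the internet.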