I've just set up a Hotspot on my RB951 at work using a virtual AP named wlan2 attached to wlan1.
I have PPPoE client on eth1, eth2 to eth5 in a bridge wit wlan1.
My LAN and wlan1 are my private network and I noticed that connected Hotspot users CAN access devices in my private LAN. I would like to block them from accessing anything other that the Internet, preferably themselves also, client isolation. Is is enough to a a dd a firewall rule on the forward chain to drop access from 10.5.0.0/24 (Hotspot pool) to 192.168.1.0/24 (private LAN)?
Sent from my STH100-2 using Tapatalk