I want to be able to enter the router using HTTP only from the Ethernet connection
so if someone try to enter from the WiFi - he will get 404 error - or something

this is what I have done but it doesn't work - the Wlan IP is 172.20.164.254

I don't want to change the port (80) - because this is not a solution for me

what am I missing or doing wrong?
this is doable I want to believe , no ?

what I do now it NAT to address I don't use I can stay with this , but if I want to do NAT to an image inside the router - can it be done?





Thanks,

i think that you have specify the input (not the forward) chain to block access to the router.

have try this also -
still doesn't block

have you put the rules in the correct order?

i would suggest to make a log rule and use only src. place it on top of the rule list. Start accesing the router from the src address. Once you see packets hit the log rule you know it works. Now change the action to drop.

Be carefull because you can block yourself so make sure you can login with mac.

Now once this works try to change to your liking and check with each step if the rule gets triggered.

Hi,
you can use In/Out interface in firewall rules , or IP addresses , chain is input , src address is you Wifi network subnet such as 192.168.200.0/24 or something like that , and your dest address is your router address action is drop or tarpit