subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
499 views 1 comments
by anonymous

I would like to deny a specific client to get WAN access, but still be accessable on the LAN side.

I think I could maybe use "Traffic Rules", but there is no "add new rule" button, I can only edit the already exist rules :s.

2 Answers

0 votes
by anonymous


You are correct in assuming that it can be done using the "Traffic Rules" page. You can add a rule by using the "New Forward Rule" section.

To block a specific client from WAN access, add a rule like this:

Then in the rule editing window set up your rule like this:

  1. Protocol: All.
  2. Source zone: lan.
  3. Source address: IP of the client to block.
  4. Destination zone: wan.
  5. Action: drop.

Setting it up like this will deny WAN access for the specified client while leaving LAN communication untouched.

Also, as another answer suggests, you can use the Custom Rules page to set up the same thing. In many cases it can be even more convenient, but it requires you to know iptables syntax.

Hope this information is helpful.

Good luck,


Best answer
by anonymous
Thank you for a very good and detailed answer! Now I can block my IP cameras for "reaching out", but still have outgoing internet connection to my Blue Iris, even if they are in the same VLAN!
0 votes
by anonymous


You can use CUSTOM RULES for defining your own rules.