Question

Hi!

I would like to deny a specific client to get WAN access, but still be accessable on the LAN side.

I think I could maybe use "Traffic Rules", but there is no "add new rule" button, I can only edit the already exist rules :s.

Answer 1

Hi,

You are correct in assuming that it can be done using the "Traffic Rules" page. You can add a rule by using the "New Forward Rule" section.

To block a specific client from WAN access, add a rule like this:

Then in the rule editing window set up your rule like this:

1. Protocol: All.
2. Source zone: lan.
3. Source address: IP of the client to block.
4. Destination zone: wan.
5. Action: drop.

Setting it up like this will deny WAN access for the specified client while leaving LAN communication untouched.

Also, as another answer suggests, you can use the Custom Rules page to set up the same thing. In many cases it can be even more convenient, but it requires you to know iptables syntax.

Hope this information is helpful.

Good luck,

DM

Comments

Thank you for a very good and detailed answer! Now I can block my IP cameras for "reaching out", but still have outgoing internet connection to my Blue Iris, even if they are in the same VLAN!

Answer 2

Hi,

You can use CUSTOM RULES for defining your own rules.