I am trying to build an additional iptables rule to supplement ho1Aetoo's very helpful Quick Start Guide. Specifically, I am working within the framework shown in the last example titled "allow management access from br0 to br1+br2 - long version".
I want to block WAN access to/from devices on br2. Would these two rules accomplish this?
Code:
iptables -I OUTPUT -i br2 -j logdrop
Code:
iptables -I FORWARD -o br2 -j logdrop
Are there other rules I should consider adding? I don't need to access my network externally, host any services, etc. Just want to allow typical web browsing, streaming, etc. on br0 and br1.
I am trying to get all my ducks in a row before setting my ISP-provided gateway into bridge mode to minimize impact on the people in my household using our current setup (who see no reason to change anything). Many thanks for any advice/suggestions at this stage!
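
An added example, not part of the original post or the Quick Start Guide: a small check of which chains accept `-i` and `-o`, run over the two rules above, followed by a pair of FORWARD rules scoped to br2 and the WAN only. `WAN_IF` (default `eth0`) is a placeholder for the router's actual WAN interface, the function names are hypothetical, and the `logdrop` target is assumed to exist as in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
GUEST_IF="br2"
WAN_IF="${WAN_IF:-eth0}"   # assumption: placeholder, set to the router's real WAN interface

# iptables accepts -i only in INPUT/FORWARD/PREROUTING and -o only in
# OUTPUT/FORWARD/POSTROUTING. Return 0 when the chain/flag pair is valid.
iface_flag_ok() {
    case "$1:$2" in
        INPUT:-i|PREROUTING:-i|FORWARD:-i) return 0 ;;
        OUTPUT:-o|POSTROUTING:-o|FORWARD:-o) return 0 ;;
        *) return 1 ;;
    esac
}

# Check every -i/-o in one "iptables -I CHAIN ..." line against its chain.
check_rule() {
    chain=""; prev=""
    for word in $1; do            # word splitting of the rule line is intended
        case "$prev" in -I|-A) chain="$word" ;; esac
        case "$word" in -i|-o) iface_flag_ok "$chain" "$word" || return 1 ;; esac
        prev="$word"
    done
    [ -n "$chain" ]               # fail if no chain was found at all
}

# Emit the rules as text for review. Devices on a bridge reach the WAN through
# FORWARD (routed traffic); OUTPUT only sees packets the router itself creates.
build_rules() {
    echo "iptables -I FORWARD -i $1 -o $2 -j logdrop"   # guest bridge -> WAN
    echo "iptables -I FORWARD -i $2 -o $1 -j logdrop"   # WAN -> guest bridge
}

# Check the two rules from the post, then print the scoped pair.
for rule in "iptables -I OUTPUT -i br2 -j logdrop" \
            "iptables -I FORWARD -o br2 -j logdrop"; do
    if check_rule "$rule"; then
        echo "chain/flag ok:      $rule"
    else
        echo "chain/flag invalid: $rule"
    fi
done
build_rules "$GUEST_IF" "$WAN_IF"
```

The check only covers chain/flag validity: a FORWARD rule with `-o br2` and no `-i` passes it but matches forwarded traffic to br2 from every source interface, which is why the generated pair names both interfaces.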