Posted: Thu Feb 27, 2014 22:32 Post subject: can you add LAN firewall rules?
I know in pfSense and TMG you can add static routes for different networks to your VLAN switch and from your VLAN switch add a static route to your router; then in the "firewall rules" you can create allow/block rules so the internal networks (LAN networks) can't gain access to the WAN, or certain LAN networks can't talk to other LAN networks.
Is this possible in DD-WRT, i.e. can you add LAN rules to allow certain LAN networks to talk to other LAN networks, or block everyone from the internet, i.e. the WAN?
Yes. The router, by definition, allows you to manage traffic (via firewall rules) between *any* of its network interfaces, whether it is the WAN, LAN, VLANs, VPN (tun, ppp), wireless (eth1), etc.
What you typically won’t be able to do is control traffic WITHIN any given network interface (i.e., anything that is switched rather than routed). And that’s because it’s not a fully managed switch.
For example, the router would typically NOT allow you to prevent device “A” from accessing (switching to) device “B” on the same LAN or VLAN. But if “A” and “B” were on *different* network interfaces, you could use firewall rules to enforce it since that requires routing.
You can typically add static routes and manage WAN port forwarding (which involves the firewall) via the GUI, but anything beyond that requires using the CLI (command line interface) via telnet or SSH (e.g., route, iptables).
### Only allow the device w/ ip address 192.168.1.100 on the LAN to access the internet
iptables -I FORWARD 1 -i br0 -s 192.168.1.100 -o `nvram get wan_iface` -j ACCEPT
iptables -I FORWARD 2 -i br0 -o `nvram get wan_iface` -j DROP
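The same FORWARD-chain approach extended to the original question (one LAN network allowed to reach another, one cut off from the WAN), as an added example that is not part of the original reply. It is written as a DD-WRT firewall script; the interface names br0/br1 and the two subnets are assumptions for the example, and the WAN interface is read from nvram exactly as in the reply above, with a fallback so the script can be reviewed on a machine without nvram.

```shell
#!/bin/sh
# Added example, not from the original post: a DD-WRT "Firewall" script
# (Administration > Commands > Save Firewall) that filters traffic between a
# main LAN bridge and a guest VLAN bridge, and between each of them and the WAN.
# Interface names and subnets are assumptions for the example:
#   br0 = main LAN 192.168.1.0/24, br1 = guest VLAN 192.168.2.0/24.
# The WAN interface is read from nvram as in the post, with a fallback for
# machines that have no nvram command.

LAN_IF=br0;   LAN_NET=192.168.1.0/24
GUEST_IF=br1; GUEST_NET=192.168.2.0/24

# run: execute the rule when APPLY=1, otherwise just print it for review,
# so the policy can be inspected before it touches a live router.
run() {
  if [ "${APPLY:-0}" = "1" ]; then
    "$@"
  else
    echo "$*"
  fi
}

build_rules() {
  WAN_IF=${WAN_IF:-$(nvram get wan_iface 2>/dev/null || echo wan)}
  # 1. Replies to connections that were already allowed always pass.
  run iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
  # 2. Guest VLAN may reach the internet ...
  run iptables -I FORWARD 2 -i "$GUEST_IF" -s "$GUEST_NET" -o "$WAN_IF" -j ACCEPT
  # 3. ... but nothing on the guest VLAN may open connections to the main LAN.
  run iptables -I FORWARD 3 -i "$GUEST_IF" -o "$LAN_IF" -j DROP
  # 4. Main LAN may talk to the guest VLAN (routed, so it is stated explicitly
  #    rather than relying on the firmware's default forwarding policy) ...
  run iptables -I FORWARD 4 -i "$LAN_IF" -s "$LAN_NET" -o "$GUEST_IF" -j ACCEPT
  # 5. ... but the main LAN is cut off from the internet entirely.
  run iptables -I FORWARD 5 -i "$LAN_IF" -s "$LAN_NET" -o "$WAN_IF" -j DROP
}

build_rules
```

Run it as `sh firewall.sh` to print the five rules for review; on the router, run it as `APPLY=1 sh firewall.sh` (or set `APPLY=1` at the top when saving it as the Firewall script). The rules are inserted with `-I FORWARD n` in ascending order so they end up ahead of DD-WRT's own FORWARD rules in exactly the order listed; the ESTABLISHED,RELATED rule first means the guest-to-LAN DROP only stops new connections, not the replies to connections the main LAN initiated.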