Re: [lime-users] Security

On 10/28/20 2:54 PM, Juergen Kimmel wrote: router. This is a very interesting question! We absolutely need some documentation on this, as I'm sure that it is a common problem. I don't know if there is a prepared solution for this or if you'll have to add a firewall rule. I just tested, and being connected to a LAN port or to the AP of my LibreMesh router directly connected via its WAN port to my ISP router, I can ping other devices connected directly to the ISP router. I tested this both with and without the OpenWrt firewall package selected. I suppose this is what you do not want, correct? The easiest solution I can think of is: * find out the IPv4 of your home gateway (likely 192.168.0.1 or 192.168.1.1) * from this IPv4, find the subnet of your home network: take the gateway IP, replace the rightmost field by a zero digit and append a "/24" (usually either 192.168.0.0/24 or 192.168.1.0/24) * add this line in the middle of the /etc/rc.local file in the router directly connected to the ISP, before the "exit 0" line: iptables -I FORWARD -d your_network_subnet -j REJECT for example, in my case my gateway router has IP 192.168.0.1 and I added: iptables -I FORWARD -d 192.168.0.0/24 -j REJECT And reboot. If anyone has a more elegant solution, please share! Ciao, Ilario _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users