Asus merlin: How to block communication between two device on the network?

[sudodavi]

Hi

I am using Asus Merlin 3004.388.5.
on my WiFi I have two device
1. Macbook
2. iPhone

I would like to block communication between the 2 devices, they cannot be discoverable by each other.
But I have other devices on my network which has to discover my iPhone, e.g: AppleTV.
I don't wanna use Guest network or a separate wifi network on any way

Any idea?

Thanks!

 

[ColinTaylor]

Put one of them on a guest Wi-Fi network with intranet access disabled.

 

[ColinTaylor]

I don't wanna use Guest network or a separate wifi network on any way

I see you updated your post after I replied.

So the answer is no, this cannot be done.

 

[bennor]

I don't wanna use Guest network or a separate wifi network on any way

Any idea?

Maybe some sort of IPTables rule would do it to block communication with each other. No idea if actually possible.
I know you said no Guest Network, but if you did choose to use Guest Network, its possible using YazFi (if not using AiMesh) that you might be able to accomplish what you seek by enabling YazFi's Two Way to Guest then using custom scripting to configure the firewall to block two specific IP addresses from communicating with each other. Example, something like the following with YazFi:

#!/bin/sh
iptables -I YazFiFORWARD -i wl0.1 -o br0 -s 192.168.3.50 -d 192.168.1.100 -j DROP
iptables -I YazFiFORWARD -i br0 -o wl0.1 -s 192.168.1.100 -d 192.168.3.50 -j DROP

Probably would take some experimenting to get the right code.

 

[sudodavi]

Maybe some sort of IPTables rule would do it to block communication with each other. No idea if actually possible.
I know you said no Guest Network, but if you did choose to use Guest Network, its possible using YazFi (if not using AiMesh) that you might be able to accomplish what you seek by enabling YazFi's Two Way to Guest then using custom scripting to configure the firewall to block two specific IP addresses from communicating with each other. Example, something like the following with YazFi:

#!/bin/sh
iptables -I YazFiFORWARD -i wl0.1 -o br0 -s 192.168.3.50 -d 192.168.1.100 -j DROP
iptables -I YazFiFORWARD -i br0 -o wl0.1 -s 192.168.1.100 -d 192.168.3.50 -j DROP

Probably would take some experimenting to get the right code.

Thanks, good idea, I will try it

 

[glens]

The question itself is interesting enough, but even /more/ interesting would be the "why" of it?

 

[sfx2000]

Probably would take some experimenting to get the right code.

That might help with IPv4, but IPv6 link-local might still come into play between the two devices...

 

[sfx2000]

That might help with IPv4, but IPv6 link-local might still come into play between the two devices...

Should also note that Bonjour/Rendezvous is IPv6 native, even on a network that doesn't support IPv6 on the router, and that AWDL might try to do direct point-to-point (AWDL is what AirPlay uses).

 

[sfx2000]

Put one of them on a guest Wi-Fi network with intranet access disabled.

this is the way

 

[sudodavi]

The question itself is interesting enough, but even /more/ interesting would be the "why" of it?

The reason is that I am an iOS mobile engineer, and Apple started something under the hood... Many people rumor is that in the next upcoming years they will have portless iPhones. And the first step appeared this year, if your Mac and the iPhone is on the same network then Xcode (IDE) wont built via cable (even if you attached the phone via cable to the mac) and you cannot change it manually, in the past years it was possible but not anymore.
But if the Mac / iPhone is not seeing each other then Xcode will fall-back to install / debug the app via cable.
The problem is to install / debug an application via network is really really slow. And I dont mind to do it via network but is slowing down my work, and Apple didnt publish anything about it, what can we do to speed up this... just silently introduced this and leave the devs alone. So the only workaround would be to me to block somehow the communication between the 2 device, and then Xcode will always debug via cable (which is fast and working well)

 

[glens]

Wow, and thanks for sharing. (I hate it when folks who don't even know me know that they know better than me how I might want to use something.)

 

[L&LD]

Apple, when you can't have your cake or eat it the way you want it too.

 

[sfx2000]

The reason is that I am an iOS mobile engineer, and Apple started something under the hood... Many people rumor is that in the next upcoming years they will have portless iPhones. And the first step appeared this year, if your Mac and the iPhone is on the same network then Xcode (IDE) wont built via cable (even if you attached the phone via cable to the mac) and you cannot change it manually, in the past years it was possible but not anymore.

Looking at Xcode 15.2 - go to Window -> Devices and Simulators - you should still see the checkbox for debug over network... and on my install, the checkbox is not greyed out, so it can be selected on/off..

My Mac is running MacOS 14.3, iPhone iOS 17.3, and both are on the same network - I can check/uncheck the debug over network... Have you tried removing the device and adding it back it - Xcode can be pretty fiddly about this, as you likely know first hand...

 

[sfx2000]

Apple, when you can't have your cake or eat it the way you want it too.

Development environments are all a pain.

Xcode isn't that much different than what one sees with Android Studio or the MS environments - they all suck

 

[sudodavi]

Looking at Xcode 15.2 - go to Window -> Devices and Simulators - you should still see the checkbox for debug over network... and on my install, the checkbox is not greyed out, so it can be selected on/off..

My Mac is running MacOS 14.3, iPhone iOS 17.3, and both are on the same network - I can check/uncheck the debug over network... Have you tried removing the device and adding it back it - Xcode can be pretty fiddly about this, as you likely know first hand...

its possible that this tick is enabled but it's depending on the device and the iOS version. all of my team members has the same thing (>10 iOS devs, disabled tick for this option).
thanks for the advice but I think here we should not focus on xcode, there are other forums for this. I wrote here to solve the problem on my router lets leave this forum / thread for asus routers.