Jack Yaz
Part of the Furniture
I have created a guest network script. I want to allow the guest network access to a DNS server running in the primary subnet, 10.14.16.2 (PiHole).
I have the below rules. My question is, do I need the last one for the clients to work properly? Or is it best to shut off all access between the guest wifi interface and the inner LAN on ebtables?
Code:
Where $1 is the guest interface, e.g. wl0.1, and $2 is either -I or -D
/usr/sbin/ebtables -t broute $1 BROUTING -p ipv4 -i $2 -j DROP
/usr/sbin/ebtables -t broute $1 BROUTING -p ipv6 -i $2 -j DROP
/usr/sbin/ebtables -t broute $1 BROUTING -p arp -i $2 -j DROP
/usr/sbin/ebtables -t broute $1 BROUTING -p ipv4 -d XX:XX:XX:XX:XX:XX -i $2 -j ACCEPT