R7800 Block WAN Access


Wigster

Occasional Visitor
Hi

I have an R7800 with Voxel's 1.0.2.79 firmware.

I have a device which I'd like to block from accessing the internet but keep it accessible from the LAN. I thought this is what Access Control in the router's firmware was supposed to do, but it seems that it actually disables all access to the device from the LAN also (no ping, no http when the device is Blocked). I am trying to access the device from the 5.0 GHz wifi while it is connected to the 2.4, if that makes any difference.

Is it supposed to do that? And if yes, is there some other setting which would allow me to block WAN access? And if not, can I do it directly by SSHing into the router?

Thanks!
 

R. Gerrits

Senior Member
afaik only possible via SSHing into the router.

You can create a file /opt/scripts/firewall-start.sh with, for instance, these contents:

Code:
#!/bin/sh
iptables -I FORWARD -s 192.168.1.10 -i br0 -o brwan -m state --state NEW -j REJECT

This would block internet access for the device with IP address 192.168.1.10
(assuming your WAN interface is called brwan; if not, then you might need to replace brwan with ppp0).

Make the file executable with chmod +x /opt/scripts/firewall-start.sh
and reload the firewall rules with net-wall restart

Edit: name of the script should be firewall-start.sh
 

Wigster

Occasional Visitor
Thanks for that. I've got it working.

However, I've just upgraded to the latest firmware and the firewall script is gone.

What's the right way of making such modifications recover with Voxel? I have a usb stick plugged in with my ssh key to enable access and that survives reboots/upgrades. However, if I try to cd to /dev/sda1, I get an error that it cannot cd to that device.
 

HELLO_wORLD

Senior Member
1) One way to make the script persistent is to modify/create /mnt/sda1/autorun/scripts/post-mount.sh; add this at the end:

Code:
[ -e /opt/scripts/firewall-start.sh ] || cp -f /mnt/sda1/firewall-start.sh /opt/scripts/firewall-start.sh

And copy your firewall-start.sh script to the root of your USB drive.
Now, each time the USB is plugged in or the router restarts, it will check if the firewall-start.sh script exists in /opt/scripts and add it if necessary (copying from the one at the root of the USB drive).

2) USB access is /mnt/sda1
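
A fuller version of the restore step, as an added example that is not part of any post in this thread: it also refreshes the live copy when the USB master has been edited, makes it executable, and reloads the firewall so the block applies straight away. The function names and the "run" argument are assumptions made for illustration; the paths and the net-wall restart command are the ones given in the posts above.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are the ones used in the posts:
#   master copy: /mnt/sda1/firewall-start.sh (USB stick, survives upgrades)
#   live copy:   /opt/scripts/firewall-start.sh (lost on firmware upgrade)

# sync_firewall_script SRC DST  (hypothetical helper name)
# Returns 0 if DST was installed or refreshed, 1 if it was already
# current and executable, 2 if SRC is missing or the copy failed.
sync_firewall_script() {
    src=$1
    dst=$2
    [ -f "$src" ] || return 2
    # Nothing to do when the live copy is identical and executable.
    if [ -x "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi
    mkdir -p "$(dirname "$dst")" || return 2
    # Copy to a temporary name first so a half-written script never runs.
    cp -f "$src" "$dst.tmp" || return 2
    chmod 755 "$dst.tmp" || return 2
    mv -f "$dst.tmp" "$dst" || return 2
    return 0
}

# restore_and_reload  (hypothetical helper name)
# Restores the script and reloads the firewall only when something changed,
# so the REJECT rule is active without waiting for the next reload.
restore_and_reload() {
    rc=0
    sync_firewall_script /mnt/sda1/firewall-start.sh \
        /opt/scripts/firewall-start.sh || rc=$?
    if [ "$rc" -eq 0 ]; then
        net-wall restart
    fi
    return "$rc"
}

# Only act when explicitly asked, e.g. appended to post-mount.sh and
# invoked with the (assumed) argument "run".
case "${1:-}" in
    run) restore_and_reload ;;
esac
```

A return code of 2 from restore_and_reload means the master copy is missing from the USB stick, which is the case to check first if the device regains internet access after an upgrade.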
 