What's new

R7800 Block WAN Access

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Wigster

Occasional Visitor
Hi

I have an R7800 with Voxel's 1.0.2.79 firmware.

I have a device which I'd like to block from accessing the internet but keep it accessible from the LAN. I thought this is what Access Control in the router's firmware was supposed to do, but it seems that it actually disables all access to the device from the LAN also (no ping, no http when the device is Blocked). I am trying to access the device from the 5.0 GHz wifi while it is connected to the 2.4, if that makes any difference.

Is it supposed to do that? And if yes, is there some other setting which would allow me to block WAN access? And it not, can I do it directly by SSHing into the router?

Thanks!
 
afaik only possible via SSHing into the router.

You can create a file /opt/scripts/firewall-start.sh with for instance with these contents:

Code:
#!/bin/sh
iptables -I FORWARD -s 192.168.1.10 -i br0 -o brwan -m state --state NEW -j REJECT

this would block internet access for the device with IP-address 192.168.1.10
(assuming your wan-interface is called brwan. if not, then you might need to replace brwan with ppp0)

make the file executable with chmod +x /opt/scripts/firewall-start.sh
and reload the firewall rules with net-wall restart

Edit: name of the script should be firewall-start.sh
 
Last edited:
Thanks for that. I've got it working.

However, I've just upgraded to the latest firmware and the firewall script is gone.

What's the right way of making such modifications recover with Voxel? I have a usb stick plugged in with my ssh key to enable access and that survives reboots/upgrades. However, if I try to cd to /dev/sda1, I get an error that it cannot cd to that device.
 
Thanks for that. I've got it working.

However, I've just upgraded to the latest firmware and the firewall script is gone.

What's the right way of making such modifications recover with Voxel? I have a usb stick plugged in with my ssh key to enable access and that survives reboots/upgrades. However, if I try to cd to /dev/sda1, I get an error that it cannot cd to that device.

1) one way to make the script persistent is to modify/create /mnt/sda1/autorun/scripts/post-mount.sh ; add this at the end:
Code:
[ -e /opt/scripts/firewall-start.sh ] || cp -f /mnt/sda1/firewall-start.sh /opt/scripts/firewall-start.sh
And copy your firewall-start.sh script at the root of your USB drive.
Now, each time the USB is plugged or the router restarts, it will check if firewall-start.sh script exists in /opt/scripts and add it if necessary (copying from the one at the root of USB drive)

2) USB access is /mnt/sda1
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top