[Firehol-support] block client to client connections

Jon bae jonbae77 at gmail.com
Thu Sep 20 08:52:40 BST 2018


Hello Everybody,
can you give me a hint of how to block client to client connections?

I would like that the wlan user can connect to the internet, but not to
each other.

At the moment my wlan interface looks like this:

# firewall rule from wlan to interface wlanGuest
interface "${wlanGuest}" wlan-Guest
        policy  reject
        ipv4    server  "dhcp dhcprelay"        accept
        ipv4    server  "icmp dns squid"        accept  dst 192.168.2.1
        ipv4    client  all     accept

I thought instead of:
*ipv4    client  all     accept*

I can use:
*ipv4    client  all     drop dst "192.168.2.0/14 <http://192.168.2.0/14>"*

But this would block the incoming from the internet to, right?

Have a nice day!

Jonathan



More information about the Firehol-support mailing list