Show pagesourceOld revisionsBacklinksBack to top × Table of Contents Bridge firewall Introduction Goals Command-line interface Testing Troubleshooting Extras Restrict forwarding Bridge firewall This article relies on the following: Accessing OpenWrt CLI Managing configurations Managing packages Managing services Introduction This how-to describes the method for setting up bridge firewall on OpenWrt. Follow Splitting VLANs to be able to filter traffic between VLAN ports. Follow Wireless configuration to isolate wireless clients from each other. Goals Filter traffic between bridged interfaces. Command-line interface Install the packages and enable bridge firewall. # Install packages opkg update opkg install kmod-br-netfilter # Configure kernel parameters cat << EOF >> /etc/sysctl.conf net.bridge.bridge-nf-call-arptables=1 net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1 EOF /etc/init.d/sysctl restart Testing Use ping, ping6 or nmap between LAN clients to verify your firewall configuration. Troubleshooting Collect and analyze the following information. # Log and status /etc/init.d/firewall restart # Runtime configuration iptables-save; ip6tables-save; brctl show lsmod | grep -e br_netfilter; sysctl net.bridge # Persistent configuration uci show firewall; grep -v -e "^#" -e "^$" /etc/sysctl.conf Extras Restrict forwarding Restrict traffic forwarding between bridged interfaces. # Disable LAN to LAN forwarding uci rename firewall.@zone[0]="lan" uci set firewall.lan.forward="REJECT" uci commit firewall /etc/init.d/firewall restart This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OKMore information about cookies Last modified: 2021/03/21 07:55by vgaetera