Flint 2 network client control doesn't work

Can someone tell me how to prevent a client from accessing the Internet but still be active on the network?

I just found that in the video.

I found this in the video here:

I have no idea whether this is correct.

Hi,

Find it in the CLINETS of the GL GUI, see if it can meeet your requirements

Or do you require, able to access the LAN but unable to the WAN for one client?

I found that too, but if I check Block, I can no longer access it on the network.

There is a device that is only allowed to work in the network but not with the Internet via WiFi
Bildschirmfoto 2024-09-02 um 09.07.00

and it is not possible to enter 0, there must be at least 1 there

Best is to do this via luci.

Go to luci -> network -> firewall.

Click on tab traffic rule.

Then click on add new rule.

The rule looks like something like this:

src zone: lan
src mac: the mac you dont want to have internet, click on the next tab to find src mac
dest zone: wan
Target: reject

Do this also for wgclient if the client also uses vpn, then you have 2 rules😉

1 Like

Would that be right or would it all be wrong?

Oh yes VPN is also on (Wireguard)



If you plan for the client to have no internet then:

  • remove source address
  • remove destination address
  • go back to advanced settings, and fill in the source mac address of the device you don't want.
  • on action set it to reject

Then all is fine :+1:, you can replicate the same rule but then replace destination zone wan into wgclient.

Is there any particular reason for ip 192.168.50.222?

It is also possible if you want a block rule like:

"I want to block everything except this ip/mac" that is also possible but you need to add a ! in front of the address if it errors you likely have to edit the config with a text editor.

Ahhhh I think I have it. I have 2 rules.

If I turn off VPN it no longer works either. So I made another rule for Wireguard and now it no longer works for both.

I hope that's right?




2 Likes

This should be correct :+1:

If it doesn't likely you need to use a fixed mac address on the mac device, it should be a setting inside the mac then.

Thanks for the help.

The device still gets a fixed IP internally

1 Like