The default "Guest" network blocks the router login page, which it should, and I expected other VLANs to as well since they're on different subnets. I've created several VLANs and successfully set up rules to block them from the LAN and each other etc., but they can still get to the router login. How do I stop that? I don't want my IoT VLAN to be able to get to the router login. Thanks!
This may be caused by the newly created VLAN being classified into the "lan" zone of the firewall.
You can create a new rule in the firewall:
uci add firewall rule
uci set firewall.@rule[-1].name='Block_VLAN11_Web'
uci set firewall.@rule[-1].src='lan' # change to match your VLAN's zone name
uci set firewall.@rule[-1].src_ip='192.168.11.0/24'
# no dest option: a rule without a destination zone is an input rule (traffic to the router itself)
uci set firewall.@rule[-1].dest_ip='192.168.11.1 192.168.8.1'
uci set firewall.@rule[-1].dest_port='80 443' # port lists are space-separated
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].target='DROP'
uci commit firewall
/etc/init.d/firewall restart
Wanted to optimize this; now the firewall rule points to "this device" on 0.0.0.0. Even if there are more ranges present, they don't have to be listed; only src is required.
uci add firewall rule
uci set firewall.@rule[-1].name='Block_VLAN11_Web'
uci set firewall.@rule[-1].src='lan' # change depends on your VLAN zone name, if vlan is in zone vlan11, place vlan11 here.
uci set firewall.@rule[-1].dest_port='80 443'
uci set firewall.@rule[-1].target='DROP'
uci commit firewall
/etc/init.d/firewall restart
Thank you!
Thank you that worked perfect.
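A way to check the result of the rules above, as an added example that is not from the thread: the function reads `uci show firewall` output and reports, per zone, whether the router's web UI ports are still reachable. The names `audit_web_admin` and `sample_firewall` and the sample config are constructed for illustration; on the router it would be run as `uci show firewall | audit_web_admin`.

```shell
# Added example, not from the thread. Prints "<zone> <status>" for the router web UI
# (tcp 80/443). Simplified: rule order, ACCEPT rules and default policy are ignored.
audit_web_admin() {
    awk -F= -v q="'" '
    function covers(ports, want,    n, i, t, r) {
        if (ports == "") return 1                  # no dest_port: every port
        n = split(ports, t, " ")
        for (i = 1; i <= n; i++) {
            if (split(t[i], r, /[-:]/) == 1) r[2] = r[1]
            if (want >= r[1] + 0 && want <= r[2] + 0) return 1
        }
        return 0
    }
    {   val = substr($0, length($1) + 2); gsub(q, "", val); n = split($1, k, /\./)
        if (n == 2) { type[k[2]] = val; order[++cnt] = k[2] } else opt[k[2], k[3]] = val
    }
    END {
        for (i = 1; i <= cnt; i++) {               # pass 1: zone-wide input blocks
            s = order[i]; p = opt[s, "proto"]; dp = opt[s, "dest_port"]
            if (type[s] != "rule" || opt[s, "enabled"] == "0") continue
            # dest set means a forward rule, which never protects the router itself
            if (opt[s, "dest"] != "" || opt[s, "target"] !~ /^(DROP|REJECT)$/) continue
            # rules narrowed by address only cover part of the zone
            if ((opt[s, "src_ip"] opt[s, "src_mac"] opt[s, "dest_ip"]) != "") continue
            if (p != "" && p != "all" && p !~ /(^| )tcp( |$)/) continue
            if (covers(dp, 80) && covers(dp, 443)) blocked[opt[s, "src"]] = 1
        }
        for (i = 1; i <= cnt; i++) {               # pass 2: one line per zone
            s = order[i]; z = opt[s, "name"]; if (type[s] != "zone") continue
            if (opt[s, "input"] != "ACCEPT") print z, "closed-by-policy"
            else print z, ((z in blocked) ? "blocked" : "exposed")
        }
    }'
}
sample_firewall() {   # constructed sample: only the "iot" zone has a block rule
    cat <<'EOF'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='iot'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[2]=zone
firewall.@zone[2].name='guest'
firewall.@zone[2].input='REJECT'
firewall.@rule[0]=rule
firewall.@rule[0].src='iot'
firewall.@rule[0].dest_port='80 443'
firewall.@rule[0].target='DROP'
EOF
}
```

A VLAN that shares the "lan" zone shows up under `lan`, so a zone-wide block there also applies to the main LAN; a rule narrowed with `src_ip` leaves the zone reported as `exposed` because the other subnets in it are not covered.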