Hello. On GLinet GL-MT 300N V2 i tried to restrict guest zone to Skyp
But can not figure out how to do it properly
Just when i restrict the guest zone with guestzone -> wan input reject output reject forward reject the wifi can not connect i have self assigned address
Please help if appropriate
here is my config :
BusyBox v1.30.1 () built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 19.07.8, r11364-ef56c85848
-----------------------------------------------------
root@GL-MT300N-V2:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option flow_offloading '1'
option flow_offloading_hw '1'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
option network 'wan wan6 wwan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
option reload '1'
config include 'glfw'
option type 'script'
option path '/usr/bin/glfw.sh'
option reload '1'
config zone 'guestzone'
option name 'guestzone'
list network 'guest'
option forward 'REJECT'
option input 'REJECT'
option output 'REJECT'
config rule 'sambasharewan'
option src 'wan'
option dest_port '137 138 139 445'
option dest_proto 'tcpudp'
option target 'DROP'
config rule 'sambasharelan'
option src 'lan'
option dest_port '137 138 139 445'
option dest_proto 'tcpudp'
option target 'ACCEPT'
config include 'gls2s'
option type 'script'
option path '/var/etc/gls2s.include'
option reload '1'
config include 'glqos'
option type 'script'
option path '/usr/sbin/glqos.sh'
option reload '1'
config forwarding
option dest 'wan'
option src 'guestzone'
option ipset 'listenabledip'
config rule
option src 'guestzone'
option dest 'wan'
list dest_ip '15.188.101.115'
option family 'ipv4'
option target 'ACCEPT'
option name 'sshtovpnallow'
config rule
option src 'guestzone'
option name 'skypeallow'
option dest 'wan'
option target 'ACCEPT'
list dest_ip '111.221.74.0/24'
list dest_ip '111.221.77.0/24'
list dest_ip '157.55.130.0/24'
list dest_ip '157.55.235.0/24'
list dest_ip '157.55.56.0/24'
list dest_ip '157.56.52.0/24'
list dest_ip '213.199.179.0/24'
list dest_ip '64.4.23.0/24'
list dest_ip '65.55.223.0/24'
list dest_ip '63.245.217.0/24'
list dest_ip '134.170.19.0/24'
list dest_ip '157.56.53.0/24'
list dest_ip '191.239.211.0/24'
list dest_ip '191.235.188.0/24'
list dest_ip '134.170.0.0/24'
list dest_ip '157.56.114.0/24'
list dest_ip '191.233.80.0/24'
list dest_ip '104.41.213.0/24'
list dest_ip '104.40.141.0/24'
list dest_ip '104.47.139.0/24'
list dest_ip '191.235.187.0/24'
list dest_ip '23.102.24.0/24'
list dest_ip '91.190.216.0/24'
list dest_ip '137.116.195.0/24'
list dest_ip '134.170.24.0/24'
list dest_ip '157.56.108.0/24'
option family 'ipv4'
config ipset
option name 'listenabledip'
option match 'dest_net'
option enabled '1'
list entry '111.221.74.0/24'
list entry '111.221.77.0/24'
list entry '157.55.130.0/24'
list entry '157.55.235.0/24'
list entry '157.55.56.0/24'
list entry '157.56.52.0/24'
list entry '213.199.179.0/24'
list entry '64.4.23.0/24'
list entry '65.55.223.0/24'
list entry '63.245.217.0/24'
list entry '134.170.19.0/24'
list entry '157.56.53.0/24'
list entry '191.239.211.0/24'
list entry '191.235.188.0/24'
list entry '134.170.0.0/24'
list entry '157.56.114.0/24'
list entry '191.233.80.0/24'
list entry '104.41.213.0/24'
list entry '104.40.141.0/24'
list entry '104.47.139.0/24'
list entry '191.235.187.0/24'
list entry '23.102.24.0/24'
list entry '91.190.216.0/24'
list entry '137.116.195.0/24'
list entry '134.170.24.0/24'
list entry '157.56.108.0/24'
root@GL-MT300N-V2:~#