Hello,
I am trying to set up a specific firewall configuration on my router, and I've run into an issue where the firewall rules are not being applied at all. I am hoping someone can tell me if this is a known bug or if there is another setting I've missed.
My Goal: To block all internet access for a single LAN device (192.168.8.171) but still allow it to be accessed by other clients on my Tailscale network.
The Problem: The block rule is completely ignored. For example, a ping google.com from the device at 192.168.8.171 is successful, when it should be blocked.
My Configuration: I have confirmed that Network Acceleration is turned OFF in the main GL.iNet UI, and the router has been rebooted multiple times.
Here are the two rules I have configured in LuCI (Network > Firewall > Traffic Rules), which should be working:
Rule #1: Allow Tailscale Access
- Name: Allow Tailscale
- Type: Forwarded
- Source IP: 192.168.8.171
- Destination IP Range: 100.64.0.0/10
- Action: Accept
Rule #2: Block All Other Internet
- Name: Block Internet
- Type: Forwarded
- Source IP: 192.168.8.171
- Destination Zone: Any zone
- Action: Reject
Summary of Troubleshooting Steps:
- Confirmed the Allow rule is placed above the Block rule.
- Confirmed Network Acceleration is fully disabled and the router has been rebooted.
- Confirmed the issue is with standard IPv4 traffic, not an IPv6 leak.
- The block rule's destination is set to any zone to ensure it covers all possible internet exits (like wan and tailscale0).
Even with this setup, which should be foolproof, the firewall is not blocking the traffic. It seems like a potential firmware bug where the firewall is not processing the ruleset correctly. Has anyone else experienced this? Is there another setting I might have missed?
Thank you for your help.
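The two LuCI traffic rules from the post written as /etc/config/firewall stanzas, together with router-side commands to confirm the rules were actually loaded and are counting packets. This is an added example, not code from the original post or from GL.iNet's firmware. It assumes the LAN zone is named lan (the OpenWrt default), that the Allow rule is given dest '*' (the post lists no destination zone for it, and a forwarded rule needs a dest), and that the router runs fw4 (nftables) or fw3 (iptables); the rule names, the device address and the 100.64.0.0/10 range are taken from the post. One detail the post does not mention: the LuCI traffic-rule form, and fw3/fw4 when proto is left unset, default the protocol to TCP+UDP, so a rule left at that default does not match the ICMP that ping uses; the example therefore sets proto 'all' explicitly on both rules.

```shell
#!/bin/sh
# Added example (not from the post or GL.iNet): the two LuCI rules as UCI
# stanzas plus checks that the firewall really loaded them.
# Assumptions: LAN zone is 'lan'; dest '*' (any zone) on both rules so
# they are forward rules; proto 'all' so ICMP (ping) is matched as well.

# Print the stanzas in evaluation order: fw3/fw4 walk rules in file order,
# so the Allow rule must appear before the Block rule.
fw_rules_config() {
cat <<'EOF'
config rule
	option name 'Allow Tailscale'
	option src 'lan'
	option src_ip '192.168.8.171'
	option dest '*'
	option dest_ip '100.64.0.0/10'
	option proto 'all'
	option target 'ACCEPT'

config rule
	option name 'Block Internet'
	option src 'lan'
	option src_ip '192.168.8.171'
	option dest '*'
	option proto 'all'
	option target 'REJECT'
EOF
}

# Read UCI text on stdin; succeed only if the Allow rule precedes the Block
# rule (a Block rule listed first would shadow the Tailscale exception).
rule_order_ok() {
	awk '
		/option name .Allow Tailscale./ && !a { a = NR }
		/option name .Block Internet./  && !b { b = NR }
		END { exit (a && b && a < b) ? 0 : 1 }
	'
}

# Run on the router only: show what UCI holds for the device, then grep the
# live ruleset. Both fw3 and fw4 tag generated rules with the UCI rule name
# in a comment, and both show per-rule counters, so pinging from the device
# and re-running this shows whether the Block rule is being hit at all.
router_check() {
	command -v uci >/dev/null 2>&1 || {
		echo "not an OpenWrt/GL.iNet router (no uci)" >&2
		return 1
	}
	uci show firewall | grep -F '192.168.8.171'
	if command -v fw4 >/dev/null 2>&1; then
		nft list ruleset | grep -F -e 'Allow Tailscale' -e 'Block Internet'
	else
		iptables-save -c | grep -F -e 'Allow Tailscale' -e 'Block Internet'
	fi
}

# Stand-alone run: print the stanzas and confirm their order.
fw_rules_config
if fw_rules_config | rule_order_ok; then
	echo "# order check: Allow precedes Block"
fi
```

To use it on the router, append the printed stanzas to /etc/config/firewall (or recreate the two rules in LuCI with Protocol set to Any), run /etc/init.d/firewall restart, then call router_check before and after a ping from 192.168.8.171: if the counter on the Block Internet line does not move, the traffic is not reaching the forward chain that rule lives in, which narrows the problem to something other than rule order.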