Segregate one LAN port from rest of LAN - Flint 2

I have been dabbling with what to do for having hardwired IoT devices that I don’t want to be anywhere near the rest of the network. I wrote (in collaboration with Gemini) the attached script for the Flint 2. It’s pretty generic so it should work on other routers that allow you to take a port off the LAN bridge as well.

The script segregates/isolates LAN3 from the rest of the network. LAN3 gets its own DHCP range (192.168.21.x) and can only communicate with the WAN but not the other LAN ports or Wi-Fi.

Simply execute into the router, execute the script and then reboot once manually. The script will survive reboots etc… but you will obviously need to rerun if you wipe the settings.

I also manually added an ACL entry in the GL.iNet interface (available in 4.9 beta - see picture) to allow temporary inbound access from the rest of LAN to this network - you simply toggle the rule on if you need to access devices and toggle it off again when done.

Script:

SegregateLan3 - v1.sh (1.8 KB)

If there is anything I missed please let me know. I tested with a couple of devices and it seems to work exactly how I want it to be but this is my first OpenWrt script in a long time so I may have missed something and am eager to learn if that’s the case…

For the GL.iNet team: If you want to use some or all of the code to incorporate in a future feature to make similar functionality available in the web interface you are welcome to it…

1 Like
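
A check for the isolation described in the post above, as an added example (it is not the attached script, whose contents are not shown on this page): it reads `uci show firewall` output and reports anything that lets the segregated zone reach a zone other than the WAN. The zone names `iot` and `wan`, the function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit `uci show firewall` output for a zone that should reach only the WAN.
# Prints one finding per line; no output means nothing was found.
# On the router: uci show firewall | audit_isolated_zone iot wan
audit_isolated_zone() {
    awk -F= -v zone="$1" -v wan="$2" '
    {
        val = substr($0, length($1) + 2)
        gsub("\047", "", val)                     # drop the quotes uci adds
        n = split($1, p, ".")
        if (n == 2) { type[p[2]] = val; order[++count] = p[2] }  # section header
        else if (n == 3) v[p[2], p[3]] = val                     # section option
    }
    END {
        for (i = 1; i <= count; i++) {
            s = order[i]
            if (v[s, "enabled"] == "0") continue   # disabled entries do nothing
            if (type[s] == "zone" && v[s, "name"] == zone) {
                found = 1
                if (v[s, "input"] == "ACCEPT")
                    print "zone " zone ": input=ACCEPT opens router services to the segment"
            }
            if (v[s, "src"] != zone || v[s, "dest"] == "" || v[s, "dest"] == wan) continue
            if (type[s] == "forwarding")
                print "forwarding " zone " -> " v[s, "dest"] " (expected only " wan ")"
            if (type[s] == "rule" && v[s, "target"] == "ACCEPT")
                print "rule \"" v[s, "name"] "\" accepts " zone " -> " v[s, "dest"]
        }
        if (!found) print "zone " zone " not found"
    }'
}

# Constructed sample input (assumed zone and section names, not from a real router).
sample_isolated() {
    cat <<'EOF'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.iot=zone
firewall.iot.name='iot'
firewall.iot.input='REJECT'
firewall.iot_wan=forwarding
firewall.iot_wan.src='iot'
firewall.iot_wan.dest='wan'
EOF
}
sample_leaky() {   # same config plus a stray iot -> lan forwarding
    sample_isolated
    printf "firewall.x=forwarding\nfirewall.x.src='iot'\nfirewall.x.dest='lan'\n"
}
```

Only options set explicitly in the config are checked; traffic from the LAN side into the segregated zone, such as the toggled ACL rule, is not flagged.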

Hi

Thank you for sharing your script.

We are currently planning to add VLAN functionality in a future firmware release, which should allow you to achieve a similar setup more easily.

2 Likes