SSH security

Hi

Can you answer the following questions for me?

  1. Can I restrict SSH to Ethernet cable only (block LAN access via wireless)? If so, how?
  2. Can I disable SSH completely?
  3. How can I prevent brute force on LuCI in the LAN?

Maybe @bruce or @alzhao can help?

You can just turn off password access and then no one is brute-forcing a password interface. You can still log in with an authorized key.

The best way is to use guest Wi-Fi, which only allows Internet access, not access to the router itself.

Just close port 22 from LAN.

If someone is connected to your LAN and they want to brute-force you, I don't think there is much you can do, unless you don't open any ports.

I want to close it from WLAN, but allow it from LAN via cable. Is it possible?

Possible, but it seems that you want full flexibility. I suggest that you use guest Wi-Fi, which has HTTP and SSH closed.

The topic is security. So think in 'security zones'. There is WAN, LAN and Guest. WLAN is included in LAN.

This makes the configuration much easier if your mobile phone follows the same rules as your PC. And the laptop gets the same rules via cable or wireless.

If you don't trust a device, put it in another zone (guest). This is the easiest solution.
If you want to break the logic, you may need to build a new bridge, copy the whole ruleset and make the wanted adjustments. For every change in the future, too.

The full flexibility is possible via LuCI. But this will break the GL-iNet GUI and features.

1 Like
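An added example, not part of the thread: a small shell audit that checks a UCI-format dropbear config for the settings the replies describe (password login off, listener bound to one interface). It assumes the OpenWrt dropbear option names `PasswordAuth`, `RootPasswordAuth` and `Interface`; the function names and the sample config are constructed for illustration. Binding to `lan` does not separate cable from wireless, because WLAN is included in the LAN zone.

```shell
#!/bin/sh
# Added example: audit a dropbear UCI config (e.g. /etc/config/dropbear).

# Print the value of option $2 from the first "config dropbear" match in file $1.
dropbear_opt() {
    awk -v want="$2" '
        $1 == "config" { insec = ($2 == "dropbear"); next }
        insec && $1 == "option" && $2 == want {
            v = $3; gsub(/[^A-Za-z0-9_.-]/, "", v)   # strip UCI quoting
            print v; exit
        }' "$1"
}

# Report each setting; the return code is the number of weak settings found.
audit_dropbear() {
    cfg="$1"; issues=0
    for opt in PasswordAuth RootPasswordAuth; do
        val=$(dropbear_opt "$cfg" "$opt")
        case "$val" in
            off|0|false|no|disabled) echo "OK   $opt=$val" ;;
            *) echo "WEAK $opt=${val:-unset (default on)}"
               issues=$((issues + 1)) ;;
        esac
    done
    iface=$(dropbear_opt "$cfg" Interface)
    if [ -n "$iface" ]; then
        echo "OK   Interface=$iface"
    else
        echo "WEAK Interface unset: dropbear listens on every interface"
        issues=$((issues + 1))
    fi
    return "$issues"
}

# Constructed sample config with password login enabled and no Interface set.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config dropbear
    option PasswordAuth 'on'
    option RootPasswordAuth 'on'
    option Port '22'
EOF
audit_dropbear "$sample" || echo "weak settings: $?"
rm -f "$sample"
```

On a router, run `audit_dropbear /etc/config/dropbear` after installing a key in the authorized keys file, so that turning password login off does not lock you out.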