![]() Go into the bridge configuration in Winbox, select the filters tab, and click the blue + icon to create a new rule. Now we just create a bridge firewall rule that blocks winbox and another that blocks http on your bridge:įor this example, I'm going to assume that your bridge is called "bridge-local", that your wifi interface is "wlan1" and that your LAN interface is 192.168.88.1 ![]() Note the wlan interface(s) which show up as ports attached to the bridge you identified in step 1 above. Okay, knowing this, let's make sure we also have the correct name of your wifi interface - it's almost 100% guaranteed to be wlan1 - but just look in your bridge menu: Interface to be available on internet, but by default it isn't (because all input from ether1 is blocked).Ī few bridge filter rules will do the trick here - and it's easy enough to implement.įirst, find the name of your LAN bridge (it's probably the only bridge on your system) - the easiest way to guarantee you have the right interface is to look in IP Addresses menu - Let's say that your LAN uses the IP address range 192.168.88.X - whichever interface has the IP address 192.168.88.1/24 applied to it - that's your LAN bridge. The easiest is to set a secure password on the admin account (you did set a password,ĭidn't you?) and forget this requirement of "only on ethernet". So a short answer: it is not as easy as you think, and there is not that "click here to do it" functionality youįind in other routers. When this is not the way you are using it, you will be introducing another IP network and routing, and it mayĬause additional trouble like "not being able to find your printer or NAS".Īlternatively, it would be possible to use "bridge filters" but that results in additional overhead and it also Only in the rare case that you want to manage the box, using a computer you plug in at that time. ![]() This will be fine when you use only the wifi in daily use and want to use ether2-4 To do that you first need to separate the two networks (remove the bridge and use a separate IP rangeįor ethernet and wifi). ![]() So, you cannot solve this in the way that amt indicated, Is combined BEFORE the firewall rules are applied. You will have a bridge configuration now which means that the input from wifi and ethernet
0 Comments
Leave a Reply. |