How to set up guest-like mode for the whole network

Hello everyone,
I want to set up the Turris firewall to behave like guest Wi-Fi, but for the whole network, so a new device connected to the network will only have access to the internet (and Turris administration), but won’t see any other device in the LAN.
Access to other devices in the LAN will be explicitly permitted with a firewall rule.

I don’t want to make any experiments; I’m scared of locking myself out of the router.

The current settings are as follows:

Firewall - Zone Settings:
Enable SYN-flood protection - YES
Drop invalid packets - YES
Input - accept
Output - accept
Forward - reject

Zones:
lan -> wan: input-accept; output-accept; forward-accept
wan -> reject: input-reject; output-accept; forward-reject; masquerading; MSS clamping

I’ll be glad for help.