Prevent router from communicating with the Internet
Does the firewall of this router offer functionality similar to the INPUT/OUTPUT chains of iptables?
I'm 99% certain the router is using iptables internally. How much of its functionality is exposed is another matter.
Perhaps we start with what you want to do, and try to map it to UI functionality, because you will not be directly editing iptables conf files :)
@d0ugmac1 I don't want the router to originate connections to the internet on its own, like reaching for updates, asking for the time, or due to bugs. Call me "old school", but I want the firewall to be completely mute to the internet. If updates are going to be installed, I prefer to give them to the router from the LAN. Nowadays, even popular Linux firewall distros are generating various connection requests to the internet per one single user connection request. It reveals there is a firewall there, and it reveals the model of the firewall too.
AFAIK in some companies, they have their own internal time and update servers that provide updates and time from behind the walls. These servers are connecting to the internet only occasionally, from only one public IP, reducing the attack surface this way.
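The INPUT/OUTPUT-chain behaviour the thread is asking about, shown as an added example that is not part of the original thread and not something the Omada R605 exposes: an iptables ruleset for a generic Linux router that lets LAN clients' traffic through (FORWARD) while the router's own processes may only open connections towards the LAN, so an internal time or update server works but nothing the router originates leaves on the WAN side. The interface names and the LAN subnet (eth0, eth1, 192.168.1.0/24) are constructed placeholders; the script only prints the rules in iptables-restore format unless told to apply them.

```shell
#!/bin/sh
# Added example, not from the thread or from TP-Link. Builds a filter table whose
# OUTPUT chain is "mute" towards the Internet. Constructed assumptions:
#   WAN interface eth0, LAN interface eth1, LAN subnet 192.168.1.0/24.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"

# Emit the ruleset in iptables-restore format so it can be reviewed before use.
build_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
# loopback is always local
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# LAN hosts may talk to the router (web UI, DNS) and get their replies back
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o ${LAN_IF} -d ${LAN_NET} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the router itself may open connections only towards the LAN
# (internal NTP/update server as described in the post)
-A OUTPUT -o ${LAN_IF} -d ${LAN_NET} -m conntrack --ctstate NEW -j ACCEPT
# anything the router's own processes try to send out the WAN side is
# logged (rate limited) and dropped; the log line is the "phoning home" signal
-A OUTPUT -o ${WAN_IF} -m limit --limit 5/min -j LOG --log-prefix "ROUTER-EGRESS: "
-A OUTPUT -o ${WAN_IF} -j DROP
COMMIT
EOF
}

# Default policy of the OUTPUT chain as emitted above (used for checks).
output_policy() {
  build_rules | awk '/^:OUTPUT/ { print $2 }'
}

# Number of rules that explicitly ACCEPT router-originated traffic on the WAN
# interface; must be zero for the router to stay silent towards the Internet.
wan_output_accepts() {
  build_rules | grep -c -- "-A OUTPUT -o ${WAN_IF} .*-j ACCEPT" || true
}

# Apply only on request, and only after iptables-restore validates the syntax.
case "${1:-show}" in
  show)  build_rules ;;
  apply) build_rules | iptables-restore --test && build_rules | iptables-restore ;;
esac
```

The point of the example is the split between chains: FORWARD carries the LAN clients' Internet traffic untouched, while OUTPUT governs only packets generated by the router's own software, which is exactly the "router reaching out on its own" case. The LOG rule is there so that any such attempt shows up in the kernel log with the ROUTER-EGRESS prefix instead of silently failing. One caveat for a real deployment: a WAN link that is itself configured by DHCP or PPPoE needs an explicit OUTPUT exception for those control packets, otherwise the router cannot bring the link up.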
I'm not sure Omada is the router tech of choice for you then.
That said, there's a pretty big sub-culture around here using Pfsense router boxes with Omada-controlled switches and APs though.
@d0ugmac1 I really don't want to mention other brands here. First I wrote a long rant, then deleted it. Considering the alternatives, I still think the R605 is the best deal. Will use it and rant to myself :)
Hi @Bimo
Thanks for posting in our business forum.
Bimo wrote:
Does the firewall of this router offer functionality similar to the INPUT/OUTPUT chains of iptables?
No. There is no way to configure CLI within tables.
ACL might be what you need.
ACL does not support IP-port yet. Which means you need to use IP for now. Block SRC to DST. SRC = LAN, DST = ALL IP.