Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: Sylvia Else Newsgroups: comp.misc Subject: Re: Firewalls: Rant Date: Sun, 8 Dec 2024 18:52:08 +0800 Lines: 18 Message-ID: References: <6754bad3@news.ausics.net> <67553baf@news.ausics.net> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: individual.net fuUXp57/5aTwus2MuUle1w1uDCpZHvuFh8SOljd3HncfQSYO3O Cancel-Lock: sha1:2jn9FBUBrkNhuRRfl1vSKZqdCpE= sha256:5DMNZK6/9vv0guS/qbpXrQ7bB8hji9ZG3lSMON/vtLs= User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 Content-Language: en-US In-Reply-To: <67553baf@news.ausics.net> Xref: csiph.com comp.misc:26259 On 08-Dec-24 2:24 pm, Computer Nerd Kev wrote: > Sylvia Else wrote: >> I was just iptables directly, since I know how to configure it. I need >> to reverse the trust relationship, trusting wan, and not trusting lan. >> In the end I've just gone through the luci stuff, replacing lan with wan >> and vice versa. Now I just need to figure out the best way of blocking >> access from lan to some wan subnets. Probably not difficult, though it >> would help if I could find a defined syntax, rather than just examples. >> Maybe I'm just looking in the wrong place. > > I've never used the LuCI Web interface, but this page has plenty of > details for editing the /etc/config/firewall file: > https://openwrt.org/docs/guide-user/firewall/firewall_configuration > Thanks for the link. Sylvia.