Disable administrative access (SSH/GUI) for guest V/WLAN

The default settings make Tomato's administration ports (SSH and HTTP/S) reachable from all VLANs/WLANs configured on the router.

If you don't want this access to be available on a certain interface, you can filter out access to those ports by using the following script in the Administration/Scripts/Firewall page:

iptables -t filter -I INPUT 1 -p tcp -m multiport -i br1 --dport 22,23,80,443 -j REJECT

The bridge name (br1 above) should be the interface on which you wish to disable the above protocols.

If you're using non-standard port numbers, you can change the ports used above (22,80,443). If you have multiple bridges/guest VLANs, you can also add additional lines, changing br1 in each.

Be careful not to lock yourself out of having access. It's not a good idea to filter on bridge br0.

This will take effect as soon as the firewall script is next called. You can force this manually, either by running service firewall restart or by rebooting the device.
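As an added example (not part of the original page or of FreshTomato), the script below generalizes the single rule above to several guest bridges, refuses br0 so the primary LAN cannot be locked out, and defaults to a dry run that only prints the rules. The names GUEST_BRIDGES, ADMIN_PORTS, APPLY and admin_block_rules are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not FreshTomato code. GUEST_BRIDGES, ADMIN_PORTS and APPLY
# are names assumed for this sketch; set them to match your router.
GUEST_BRIDGES="br1 br2"      # assumed guest bridges; br0 is refused below
ADMIN_PORTS="22,23,80,443"   # ports from the rule above; edit if non-standard

# Print one REJECT rule per valid guest bridge.
# Usage: admin_block_rules PORTS BRIDGE...
admin_block_rules() {
    ports="$1"; shift
    # Accept only digits separated by single commas, so nothing else
    # can reach the shell through the port list.
    case "$ports" in
        ""|*[!0-9,]*|,*|*,|*,,*)
            echo "invalid port list: $ports" >&2; return 1 ;;
    esac
    for br in "$@"; do
        n="${br#br}"                  # bridge number, e.g. "1" for br1
        case "$n" in
            "$br"|""|*[!0-9]*)        # no "br" prefix or non-numeric suffix
                echo "skipping '$br': not a bridge name" >&2; continue ;;
            0)                        # the page warns against filtering br0
                echo "skipping br0: filtering it can lock you out" >&2; continue ;;
        esac
        echo "iptables -t filter -I INPUT 1 -p tcp -m multiport -i $br --dport $ports -j REJECT"
    done
    return 0
}

# Dry run by default: print the rules for review.
# With APPLY=1 the printed rules are executed instead.
if [ "${APPLY:-0}" = 1 ]; then
    admin_block_rules "$ADMIN_PORTS" $GUEST_BRIDGES | sh
else
    admin_block_rules "$ADMIN_PORTS" $GUEST_BRIDGES
fi
```

Review the printed rules from an SSH session on br0 first, then set APPLY=1 at the top of the script before saving it to the Firewall page.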

disable_access_to_admin_access_ssh/gui_for_guest_v/wlan.1612911883.txt.gz · Last modified: 2021/02/09 23:04 by hogwild