


Disable administrative access (SSH/GUI) for guest V/WLAN

The default settings make Tomato's administration ports (SSH and HTTP/S) reachable from all VLANs/WLANs configured on the router.

If you don't want those ports to be reachable from a certain VLAN or WLAN, you can filter out access to them by using the following script in the Administration/Scripts/Firewall page:

iptables -t filter -I INPUT 1 -p tcp -m multiport -i br1 --dport 22,23,80,443 -j REJECT

Replace br1 with the bridge interface on which you wish to disable the above protocols.

If you're using non-standard port numbers, you can change the ports used above (22,80,443). You can also add additional lines, changing br1 in each, if you have multiple bridges or guest VLANs.

To avoid locking yourself out of the router, do not filter on bridge br0.

The rule takes effect the next time the firewall script is called. You can force this manually either by running service firewall restart or by rebooting the device.
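For several guest bridges, the same rule can be generated per bridge with a guard that refuses br0. This is an added example, not part of the original wiki page; the bridge list br1/br2, the APPLY switch and the function names are assumptions to adapt.

```shell
#!/bin/sh
# Added example, not from the wiki. GUEST_BRIDGES is an assumed value.
GUEST_BRIDGES="br1 br2"      # assumption: the guest bridges on your router
ADMIN_PORTS="22,23,80,443"   # port list from the rule above
MGMT_BRIDGE="br0"            # never filtered, so admin access survives
APPLY=${APPLY:-0}            # set to 1 on the router to install the rules

# Succeed only for a comma-separated list of 1-15 ports in 1-65535
# (the multiport match takes at most 15 ports).
valid_ports() {
    count=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        IFS=$old_ifs
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
        count=$((count + 1))
    done
    IFS=$old_ifs
    [ "$count" -ge 1 ] && [ "$count" -le 15 ]
}

# Print one REJECT rule per guest bridge. Fails before printing anything if
# the port list is bad or a bridge is br0 or not named brN.
admin_block_rules() {
    ports=$1; shift
    valid_ports "$ports" || { echo "bad port list: $ports" >&2; return 1; }
    for br in "$@"; do
        case "$br" in
            "$MGMT_BRIDGE") echo "refusing to filter $br" >&2; return 1 ;;
            br[0-9]|br[0-9][0-9]) ;;
            *) echo "not a bridge name: $br" >&2; return 1 ;;
        esac
    done
    for br in "$@"; do
        echo "iptables -t filter -I INPUT 1 -p tcp -m multiport -i $br --dport $ports -j REJECT"
    done
}

# With APPLY=1 the generated rules are executed; otherwise nothing is changed.
if [ "$APPLY" = 1 ]; then
    rules=$(admin_block_rules "$ADMIN_PORTS" $GUEST_BRIDGES) && echo "$rules" | sh
fi
```

Run admin_block_rules by hand first to review the generated lines, then set APPLY=1 in the firewall script.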

disable_access_to_admin_access_ssh/gui_for_guest_v/wlan.1612912009.txt.gz · Last modified: 2021/02/09 23:06 by hogwild