
@drio
Created July 20, 2021 21:18
Configuring iptables on OpenWrt for IoT devices.

I have a network like this:

internet ------- router1 (openwrt) -------192.168.8.0/24 ----router2 (openwrt) ------- 10.0.0.0/24

I have IoT devices that I don't trust in the 10.0.0.0/24 network (the IoT network). The 192.168.8.0/24 network is my home network. I wanted the IoT devices to have internet access but no access to my 192 network.

To do that, I sshed into router2 and ran the following commands:

# iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -I FORWARD 2 -d 192.168.8.1 -j ACCEPT
# iptables -I FORWARD 3 -d 192.168.8.0/24 -j DROP

After testing and making sure the rules worked as I expected, I persisted them by doing:

# cat >> /etc/firewall.user
# Only let traffic to the router from the IOT network
# But let established connections from the 192 network to the IOT network
iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 2 -d 192.168.8.1 -j ACCEPT
iptables -I FORWARD 3 -d 192.168.8.0/24 -j DROP

-drd
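The rule order in the gist is what makes it work: the ESTABLISHED,RELATED accept must come first so replies to home-initiated connections get through, and the accept for 192.168.8.1 must sit above the /24 DROP. The following model of the FORWARD chain is an added example, not part of the gist; it evaluates constructed packets against the three rules as inserted with explicit positions, and contrasts that with plain `-I FORWARD` (no position), which would reverse the order. It assumes OpenWrt's own zone rules already let the IoT zone reach the WAN, modelled here as a chain policy of ACCEPT.

```python
import ipaddress

class Rule:
    """One FORWARD rule: optional -d destination match, optional --ctstate match, and a target."""
    def __init__(self, target, dst=None, ctstates=()):
        self.target = target
        self.dst = ipaddress.ip_network(dst) if dst else None
        self.ctstates = set(ctstates)

    def matches(self, dst_ip, ctstate):
        if self.dst is not None and ipaddress.ip_address(dst_ip) not in self.dst:
            return False
        if self.ctstates and ctstate not in self.ctstates:
            return False
        return True

class Chain:
    """A netfilter chain: rules are walked in order, first match wins, otherwise the policy applies."""
    def __init__(self, policy="ACCEPT"):
        self.policy = policy
        self.rules = []

    def insert(self, rule, position=1):
        # iptables -I CHAIN [N]: insert as rule number N (1-based); N defaults to 1
        self.rules.insert(position - 1, rule)

    def verdict(self, dst_ip, ctstate="NEW"):
        for rule in self.rules:
            if rule.matches(dst_ip, ctstate):
                return rule.target
        return self.policy

# The three rules from the gist, in the order they were written.
GIST_RULES = [
    Rule("ACCEPT", ctstates=("ESTABLISHED", "RELATED")),
    Rule("ACCEPT", dst="192.168.8.1/32"),
    Rule("DROP", dst="192.168.8.0/24"),
]

def chain_with_positions():
    """The gist's commands (-I FORWARD 1, 2, 3): the rules keep the order written."""
    fwd = Chain()  # assumption: zone rules already allow IoT -> WAN, so policy ACCEPT
    for n, rule in enumerate(GIST_RULES, start=1):
        fwd.insert(rule, position=n)
    return fwd

def chain_without_positions():
    """Same rules with plain -I FORWARD: each insert lands at the top, reversing the order."""
    fwd = Chain()
    for rule in GIST_RULES:
        fwd.insert(rule)
    return fwd
```

With positions, a NEW connection from the IoT network to a home host (constructed destination 192.168.8.50) is dropped while a NEW connection to 192.168.8.1 and ESTABLISHED replies are accepted; without positions the DROP rule ends up first and even traffic to the router and replies to home-initiated connections are dropped.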
