How to block traffic from one subnet to another except for one location

Question

I'm using DD-WRT on my home router and I'm using a Pi-Hole for the DNS server.

The main network is 192.168.1.0/24. The default route is .1.1 and the Pi-Hole is sitting at .1.2 (static).

I've created a guest network of 192.168.2.0/24. I want to block all addresses on the .1.0/24 subnet from .2.0/24 subnet except for the Pi-Hole address (.1.2). How do I do this?

score 0 · Answer 1 · answered Aug 11 '19 at 22:34

Just to answer my own question... This seems to have done the trick:

iptables -I FORWARD -s 192.168.2.0/24 -d 192.168.1.0/24 -j DROP
iptables -I FORWARD -s 192.168.3.0/24 -d 192.168.1.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 192.168.1.2 -j ACCEPT
iptables -I FORWARD -s 192.168.3.0/24 -d 192.168.1.2 -j ACCEPT

How to block traffic from one subnet to another *except* for one location

1 Answers1

How to block traffic from one subnet to another except for one location