Hi All,

I’d like to block a couple of “guest” devices from accessing any devices on my LAN, but allow them internet access. They’re streaming media boxes from a foreign country, and I’m not convinced they are, or will remain clean of malware.

Yes, the easiest solution is to simply remove them, or block them entirely, but there are “family issues” at work, and I’d like a short-term solution until the family members leave and take their device with them.

I’ve already rate limited them with queues so they don’t have a significant upload speed so their ability to participate in any DOS business will be limited.

I have the device’s MAC and have it locked to a static IP, so I’d like to deny 192.168.x.x and allow anything else.

Any ideas?

  • henfredemars
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    2 months ago

    I use the poor man’s VLAN: Guest Networks.

    • adarza@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      2 months ago

      i don’t have the luxury here of such fancy features, so i just use a second router with its own network and ssid for things that don’t need full lan access (streaming devices, mainly). double-nat, but don’t care. everything works fine.