Hello!

I tried to create a rule to block all traffic from an interface (ath1) to a netblock (192.168.0.0/16). The device is a WLAN router and the ath1 interface is unencrypted, allowing visitors to log in. But I want to restrict access to my private LAN (192.168.0.0/16).

The router performs NAT between the ath1 and the ath0. So forwarded packets need to reach the next hop (192.168.0.1), allowing visitors to access the internet. The router itself (and other interfaces on the router) should still be able to reach 192.168.0.0/16.

I tried to come up with a rule for that, but my solutions don't seem to work. I hope someone can give me a solution for this problem, or at least an idea how to solve it.

--
Yours truly
Daniel Triendl
trellmor@xxxxxxxxxxxxx
http://dani.tac-ops.net