R7000 - AP mode client isolation

3 posts / 0 new
Last post
claykin's picture
R7000 - AP mode client isolation

WIth Kong's firmware, or straight DDWRT, is it possible to have client isolation (no LAN access) while still allowing Internet access?  In AP mode, not router mode?

Kong's picture
Well normally this does not

Well normally this does not work, as in ap mode you are using lan to connect to the internet thus you cannot block lan and have internet. This only works, by using vlans, which can be done, but requires also another router that will provide wan and you will have to create custom commands in order to route and block traffic from guest vlan.

Accid's picture
Try playing with these

Try playing with these commands

Deny access to a specific Subnet

iptables -I FORWARD -s -j DROP
change the IP to your own


Deny access to a specific IP address range with Logging
iptables -I FORWARD -m iprange --src-range -j logdrop

you can deny access to the range and exclude the gatway.

I got played around with these commands and got all clients to access the internet but not each other. You can also blcok all and then try opening just hte gatway port.

It may take some tweaking to suite your network.


commands taken form