On 2023-04-30 14:12, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-30 12:34, Per Jessen wrote:
Carlos E. R. wrote:
On a known machine : iptables -I INPUT -p all -s 192.168.34.0/24 -j ACCEPT iptables -I INPUT -p all -s 192.168.101.0/24 -j DROP
All that is very nice, but I do need new hardware to assign 192.168.101.0/24 to guests. Currently I have no way to do that.
I thought you said your router supported allocating fixed addresses, up to 30 ?
Ok, yes, but I'm not going to bother to use those for guests. Too much work.
I didn't suggest that.
For most common home routers I have seen, the guest configuration is only about giving guests a different SSID and password than the main one. They get IPs from the same pool as the household.
That is fine - assign fixed addresses to the household machines.
Bufff. I did, most of them... then replaced the router and config destroyed. I'm too lazy,
Actually, you are not lazy enough or you have too much time an your hands.
You spend days fiddling with a tedious firewall setup, dragging around age old stuff that you have long forgotten the purpose of, trying to figure out if a dhcp client request should be allowed or not.
That's an itch that I like scratching, and it is just now. It is something new to learn about. Yes, and now I'm doing it again, on the desktop machine. The other thing would be for ever.
I am lazy or I don't have enough time - I can't be bothered with all that tedium. Split the machines into trusted and untrusted (simplified) and set up rules for trusted and unstrusted. Essentially two rules, all done.
:-) -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)