How to block an IP or MAC address on a router in OpenWrt

6 August 2020 17:18

On a TP-Link network router ("router") running OpenWrt firmware, it was necessary to block the MAC address of a device on the local network so that the device would have no access to the Internet.

OpenWrt firmware is well suited for "refreshing" old Wi-Fi routers in networks with low and medium load. It has advanced capabilities, such as managing NAT, DHCP and the firewall (like iptables). Unlike proprietary firmware, OpenWrt has an additional module for managing bandwidth (traffic shaping): sqm-scripts (and luci-app-sqm). In addition, OpenWrt is much more stable (the router never freezes or requires a reboot).

A device with an IP address and MAC address that had not existed before appeared on the Wi-Fi network intended for employees.

The unusual IP address was visible on the "Status" - "Overview" tab, in the DHCP leases section. The task is to block the device by MAC address.

Procedure:

  1. In the LuCI web interface of OpenWrt, on the Status - Overview tab, I selected the MAC address and copied it to the clipboard.

  2. Opened the menu item Network - Firewall.

  3. Went to the "Traffic rules" tab.

  4. Created a new rule in the "New forward rule" section at the bottom of the web page and called it "block-ip":

    • Name: block_ip
    • Source zone: lan
    • Destination zone: wan

     Pressed the button "Add and edit".

  5. In the rule parameters, the "Source MAC address" field is set to "any" by default. Instead of that value, select an entry from the list of existing IP and MAC addresses, or add an arbitrary MAC address with "-- custom --". I chose "-- custom --" and pasted the MAC address from the clipboard.

  6. Specified the action for processing packets: instead of "accept" I specified "reject", which means that TCP/IP and UDP packets with the specified parameters are rejected.

  7. Applied the rule by pressing the button "Save and Apply".

Traffic from the device with the specified MAC address to the Internet is now blocked.
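The same rule can also be created from the router's shell instead of LuCI. The script below is an added example, not part of the original post: it checks the copied MAC address and prints the `uci` commands for a rule with the settings used above (source zone lan, destination zone wan, action reject). The helper names `normalize_mac` and `block_rule_cmds` and the sample MAC address are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): print the uci commands that
# create the same rule as the LuCI steps. Nothing is applied to the router.

HEX='[0-9A-F][0-9A-F]'

# normalize_mac MAC: print the MAC as AA:BB:CC:DD:EE:FF, or return 1.
normalize_mac() {
    m=$(printf '%s' "$1" | tr 'a-f-' 'A-F:')
    case "$m" in
        $HEX:$HEX:$HEX:$HEX:$HEX:$HEX) ;;
        *) echo "invalid MAC: $1" >&2; return 1 ;;
    esac
    # Odd second hex digit = group (multicast/broadcast) address, which is
    # never a device's own source MAC; most likely a copy/paste mistake.
    case "$m" in
        ?[13579BDF]:*) echo "not a unicast MAC: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "$m"
}

# block_rule_cmds NAME MAC: print commands for a lan -> wan REJECT rule.
block_rule_cmds() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid rule name: $1" >&2; return 1 ;;
    esac
    mac=$(normalize_mac "$2") || return 1
    r='firewall.@rule[-1]'   # the section created by "uci add" just above
    cat <<EOF
uci add firewall rule
uci set $r.name='$1'
uci set $r.src='lan'
uci set $r.dest='wan'
uci set $r.src_mac='$mac'
uci set $r.target='REJECT'
uci commit firewall
/etc/init.d/firewall reload
EOF
}

# Constructed sample MAC (locally administered range), not from the page.
block_rule_cmds block_ip 02:00:5e:10:00:01
```

Review the printed commands before running them on the router. The rule matches on the source MAC only, so it stops matching if the device presents a different MAC address, for example with per-network MAC randomization.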

Source: https://bokunokeiken.wordpress.com/2015/06/27/how-to-block-device-on-openwrt-based-on-mac-address/


