[debian 9] Block WAN traffic but allow LAN traffic

By fehuris
in Linux

 Share

Recommended Posts

Collaborator

fehuris

Posted
Posted

Hey guys,

 

I have a machine setup as a file server running OMV (on Debian 9) hooked to my wireless router which also is the gateway to internet. What I want to do is block my file server from sending/receiving WAN traffic but allow LAN traffic. I did find some guides on stackexchange to do this by using iptables, but I need this for nftables. I have recently started learning Linux but I'm not familiar with this level of configuration. Can this be done at the machine level? And if so, how would I go about it? Thanks in advance.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

You do understand that ever single wifi router there is blocked inbound traffic from the internet out of the box... Unless you setup a port forward towards your file server on your wifi router no inbound traffic from the internet would be sent to your box.. Unless your running UPnP on your router (this really should be off by default on most wifi routers these days) And your box requested something be open to it.

 

I if you want your box to NOT talk to the internet at all - then just do give it a gateway when you setup its IP.. Without a gateway it would be impossible to talk to anything other than local IPs on the same network... This is zero reason to do anything with iptables on the box itself.

Collaborator

fehuris

Posted
  • Author
Posted
19 hours ago, BudMan said:

You do understand that ever single wifi router there is blocked inbound traffic from the internet out of the box... Unless you setup a port forward towards your file server on your wifi router no inbound traffic from the internet would be sent to your box.. Unless your running UPnP on your router (this really should be off by default on most wifi routers these days) And your box requested something be open to it.

 

I if you want your box to NOT talk to the internet at all - then just do give it a gateway when you setup its IP.. Without a gateway it would be impossible to talk to anything other than local IPs on the same network... This is zero reason to do anything with iptables on the box itself.

Thanks. Removing the default gateway did the trick. 

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • [Official] Doctor Who Thread

      By PsYcHoKiLLa · Posted

      RTD and Bad Wolf out Everybody lied, there was never a Christmas script done, even though they said there was RTD brought it back then killed it with the PC overload and garbage nonsensical stories Who knows what production company will want to drink from the poisoned chalice now. The squandered opportunity with the Disney partnership will go down in production folklore
    • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow

      By Jaybonaut · Posted

      Problem with that is Vivaldi is the slowest chromium browser I have ever used. I keep trying it every few months in case performance has improved. ...and it's not due to specs or config. 5900x/32gigs/RTX3080 here, Win 11 25H2 etc.
    • Phone Dilemma

      By +virtorio · Posted

      My only concern would be the state of the battery. I'd be getting one from a place you trust and perhaps has a decent warranty.
    • [Official] Doctor Who Thread

      By Stuman · Posted

      Like yourself Steven P I have watched it from the days of William Hartnell, It was good when we had the Darlek's and the Cybermen. Sad to see one of the longest running shows in the world die a sad death.  
    • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow

      By Case_f · Posted

      My problem with FF is I have to jump through hoops to get at least somewhat close to what Vivaldi gives me out of the box, with no real advantage that would make it worth my while. (But hey, apparently there's now at least experimental support for HDR in FF. I mean it's about a decade too late, but still...finally!) Brave I was never the least interested in, never saw the point, not to mention there's been quite a bit of drama surrounding them over the years. But I've been a faithful and very happy Opera user all the way back to 2001(ish), so once Vivaldi showed up following that awkward period of time after the key people left Opera and the company was sold, I never really looked back. And they never once made me question my choices.

  • Recent Achievements

    • One Month Later
      Sopa flores earned a badge
      One Month Later
    • First Post
      StaticMatrix earned a badge
      First Post
    • Week One Done
      StaticMatrix earned a badge
      Week One Done
    • Rookie
      lamborghiniv10 went up a rank
      Rookie
    • One Month Later
      pinnclepd earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      506
    2. 2
      PsYcHoKiLLa
      208
    3. 3
      +Edouard
      152
    4. 4
      Steven P.
      88
    5. 5
      ATLien_0
      79
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!