[debian 9] Block WAN traffic but allow LAN traffic

By fehuris
in Linux

 Share

Recommended Posts

Collaborator

fehuris

Posted
Posted

Hey guys,

 

I have a machine setup as a file server running OMV (on Debian 9) hooked to my wireless router which also is the gateway to internet. What I want to do is block my file server from sending/receiving WAN traffic but allow LAN traffic. I did find some guides on stackexchange to do this by using iptables, but I need this for nftables. I have recently started learning Linux but I'm not familiar with this level of configuration. Can this be done at the machine level? And if so, how would I go about it? Thanks in advance.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

You do understand that ever single wifi router there is blocked inbound traffic from the internet out of the box... Unless you setup a port forward towards your file server on your wifi router no inbound traffic from the internet would be sent to your box.. Unless your running UPnP on your router (this really should be off by default on most wifi routers these days) And your box requested something be open to it.

 

I if you want your box to NOT talk to the internet at all - then just do give it a gateway when you setup its IP.. Without a gateway it would be impossible to talk to anything other than local IPs on the same network... This is zero reason to do anything with iptables on the box itself.

Collaborator

fehuris

Posted
  • Author
Posted
19 hours ago, BudMan said:

You do understand that ever single wifi router there is blocked inbound traffic from the internet out of the box... Unless you setup a port forward towards your file server on your wifi router no inbound traffic from the internet would be sent to your box.. Unless your running UPnP on your router (this really should be off by default on most wifi routers these days) And your box requested something be open to it.

 

I if you want your box to NOT talk to the internet at all - then just do give it a gateway when you setup its IP.. Without a gateway it would be impossible to talk to anything other than local IPs on the same network... This is zero reason to do anything with iptables on the box itself.

Thanks. Removing the default gateway did the trick. 

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Valve finally confirms Steam Machine prices, starts at $1049 for 512GB option

      By Neonix1 · Posted

      Less powerful than a PS5 at twice the price! I wonder if they use that for marketing? Totally DoA.
    • Astra 0.6.1 Beta

      By Copernic · Posted

      Astra 0.6.1 Beta by Razvan Serea Astra is an audiophile music player designed for local music libraries, supporting MP3, FLAC, WAV, AAC, OGG, M4A, OPUS, WMA, AIFF, and more via FFmpeg. It offers gapless playback with pre-buffering, multichannel audio remapping, and Dolby Atmos decoding, ensuring albums play seamlessly while maintaining high-fidelity sound. Astra features real-time DSP visualizers powered by a native C++ engine, including an oscilloscope, spectrum analyzer, and vectorscope. A fully parametric 10-band EQ with live frequency response, built-in presets, and AutoEQ headphone calibration import lets you precisely shape your sound. Playback controls include shuffle, repeat, and drag-and-drop queue management, while the library automatically extracts metadata, album artwork, and supports global search, favorites, and recently played tracking. Additional features include output device selection, delay calibration, customizable themes, fullscreen and mini-player modes, Discord Rich Presence, optional Last.fm scrobbling, and an opt-in local API for integrations. Astra delivers a complete, high-quality desktop audio experience with no telemetry, accounts, or streaming. Astra 0.6.1 Beta changelog: Lyrics Initial XLRC support via @boof2015/xlrc 0.2.0 (#131) XLRC sidecar scanning, manual import, and renderer support Word timing, furigana, translations, voice labels, and translation-priority controls for XLRC Fullscreen lyrics overhaul with additional layout polish Manual lyrics editor with LRC, XLRC, and plain-text modes Drag-and-drop lyrics import plus sync offset controls Clickable synced lyrics for seeking, with popout and transport lyrics updates (#138) Fixed lyrics info sidebar scrolling (#138) Added a workaround for LRCLIB instability Metadata & Library Metadata editor rebuilt as a side panel Virtual DB metadata overrides and optional direct file tag writing Bulk metadata editing for title, artist, album, album artist, genre, year, track/disc numbers, and artwork Undo/redo support for virtual metadata edits Clear overrides action and default save-mode preference Artist page grid view added, with later design and sizing refinements Improved Jump to Playing with smart source, queue, album, artist, and library track targets Fixed smart source jump behavior Playlists Fixed VLC-style M3U import failures (#127) Added playlist export to M3U/M3U8 (#118) Improved imported playlist path resolution and missing-entry preservation Shuffle added to playlist pages (#121) Remove tracks directly from playlist views (#128) Fixed create-playlist-from-track modal closing when clicking inside it (#137) Multi-select quality-of-life fixes Right-click context menus no longer clear multiselections UI & Navigation Fixed UI scaling regressions in sidebar and home surfaces (#122, #123) Fixed transport bar regression (#126) Fixed horizontal scrolling on Home and Library rails Fixed artist grid sizing while searching Updated playlist action buttons and related layout polish Additional fullscreen lyrics visual adjustments Visualization Scopes and visualizers now respect UI scaling settings (#155) Added shared canvas sizing logic for correct DPR/backing-store behavior Canvas sizing tests added for visualizer scaling regressions Discord RPC Discord Rich Presence activity structure refactored Compact status can prioritize title or artist Profile info line can show file info or album Title and artist links can target YouTube Music, Last.fm, or be disabled Optional small Astra badge for cover-art presence Configurable “clear when paused” timing Added Discord activity tests Scrobbling Fixed custom Last.fm2 API profiles being accidentally blocked Expanded scrobbler profile protocol handling coverage Stability & Tests Added/expanded tests for XLRC parsing, lyrics presentation, metadata editor state, playlist import/export path handling, artist grid layout, horizontal scrolling, canvas sizing, and Discord RPC activity building Download: Astra 0.6.1 Beta | 138.0 MB (Open Source) View: Astra Home Page | Github | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • DWARF mini review: the world's smallest smart telescope for night and day sky captures

      By Brian Miller · Posted

      How does it compare to the "SeeStar S30 Pro" and the "Vespera PRO 2"?
    • Politically funny images of the World

      By Michael Scrip · Posted

    • Valve finally confirms Steam Machine prices, starts at $1049 for 512GB option

      By excalpius · Posted

      Indeed. And note that those units are MUCH cheaper than this new Steam Machine...ahem.

  • Recent Achievements

    • Week One Done
      Almohandis earned a badge
      Week One Done
    • Rookie
      dorf went up a rank
      Rookie
    • First Post
      mike_rumble earned a badge
      First Post
    • Dedicated
      tuben earned a badge
      Dedicated
    • Week One Done
      mnsgroup earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      502
    2. 2
      +Edouard
      209
    3. 3
      PsYcHoKiLLa
      100
    4. 4
      Michael Scrip
      85
    5. 5
      neufuse
      69
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!