HI I am user of Tomato RAF 1.25.8515.2 ND. I use WAN port for LAN, also I use AP for wireless clients. I want to block some wireless clients with static IP to access to other computer in LAN (wire) at port 20 and 21 and use other port from this computer. Can anybody help me? I tried to use this iptables -I FORWARD -s 192.168.1.21 --dport 21 -j DROP iptables -I INPUT -s 192.168.1.21 --dport 21 -j DROP iptables -I OUTPUT -s 192.168.1.21 --dport 21 -j DROP to block access from 192.168.1.21 (wireless client) to 192.168.1.1 (wired) at port 21 (WRT is 192.168.1.100). But it's now working.