Hey everyone, quick question: Can i block access to certain ports on the router just on one interface? I am quite sure it should work using iptables like this: Code: iptables -I FORWARD -i br1 -p tcp --dport 22 -d 192.168.200.1 -j REJECT --reject-with tcp-reset In this example my virtual SSID WLAN for guests is device br1 and the router has the 192.168.200.1 IP there. I want to block access to port 22 (default SSH) from that network, while still allowing access from my private WLAN (br0 device). I added the iptables line to the firewall script box, did nvram commit and rebooted the router, but i still can access SSH. Do i need a sleep cycle in the firewall script maybe? And then restart iptables because maybe the SSH daemon is started after iptables and it overwrites it?