Client isolation within Guest-WLAN possible?

    Hey guys,

    Is it possible to isolate multiple clients within a (virtual Wi-Fi by VLAN) from each other?

    Usage would be something like a small hotel, providing internet access to their guests,
    but I want to block all guests from accessing each other (e.g. SMB services etc.).

    The "AP isolation" GUI option supposedly does that but afaik it doesn't really work.
    Should be possible through iptables rules, right?

    If the AP Isolation feature doesn't work, then I don't think it can be done. iptables only works for routed connections. Since wireless clients are all on the same LAN segment, no routing is involved. I bet some enterprise wireless equipment could do it, but this is beyond Tomato's capabilities.
    That's why it's always recommended to use a VPN or some other tunneling protocol when on public Wi-Fi.
