Is it possible (and how) to disable access to shared directories and miniDLNA for clients in the guest network only?
Thanks for your advice
I think it is possible via firewall rules (input, output and forwarding policy)
I think so, but how?
miniDLNA uses port 8200 and 1900: https://help.ubuntu.com/community/MiniDLNA
So if you want to block that traffic for the guest wifi (default firewall zone “guest_turris”) you can open /etc/config/firewall and add this near the top of the file:

```
config rule
	option name 'Block dlna ssdp'
	option src 'guest_turris'
	option proto 'udp'
	option dest_port '1900'
	option target 'REJECT'

config rule
	option name 'Block dlna trivnet1'
	option src 'guest_turris'
	option proto 'tcp'
	option dest_port '8200'
	option target 'REJECT'
```
This will reject all udp packets for port 1900 and tcp packets for 8200 if they come from the guest_turris fw zone.
After that restart the firewall (/etc/init.d/firewall restart).
I haven’t tested this here because I’m not using dlna but it should block it.
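A way to confirm that both rules from the answer above are present and enabled in a firewall file, as an added example that is not part of the original thread. The function names `rule_blocks` and `missing_dlna_blocks` are hypothetical, the sample config is constructed, and only rules with a single exact `dest_port` are recognised.

```shell
# Added example, not from the thread; the sample config below is constructed.
# rule_blocks FILE ZONE PROTO PORT -> exit 0 if an enabled input rule blocks it
rule_blocks() {
    awk -v zone="$2" -v proto="$3" -v port="$4" -v q="'" '
        function unquote(s) { gsub("^[\"" q "]|[\"" q "]$", "", s); return s }
        function check() {
            # No "dest" option means the rule covers traffic to the router itself.
            if (sect == "rule" && o["src"] == zone && o["dest_port"] == port &&
                index(" " o["proto"] " ", " " proto " ") && !("dest" in o) &&
                o["enabled"] != "0" &&
                (o["target"] == "REJECT" || o["target"] == "DROP"))
                found = 1
        }
        $1 == "config" { check(); split("", o); sect = unquote($2) }
        $1 == "option" {
            val = $0
            sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
            sub(/[ \t]+$/, "", val)
            o[$2] = unquote(val)
        }
        END { check(); exit !found }
    ' "$1"
}

# missing_dlna_blocks FILE ZONE -> prints each miniDLNA proto/port not blocked
missing_dlna_blocks() {
    for pp in udp/1900 tcp/8200; do
        rule_blocks "$1" "$2" "${pp%/*}" "${pp#*/}" || echo "$pp"
    done
}

# Constructed sample: the SSDP rule is active, the 8200 rule is disabled.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
config rule
	option name 'Block dlna ssdp'
	option src 'guest_turris'
	option proto 'udp'
	option dest_port '1900'
	option target 'REJECT'
config rule
	option name 'Block dlna trivnet1'
	option src 'guest_turris'
	option proto 'tcp'
	option dest_port '8200'
	option target 'REJECT'
	option enabled '0'
EOF
missing_dlna_blocks "$SAMPLE" guest_turris
```

On the router the same check would be run as `missing_dlna_blocks /etc/config/firewall guest_turris`; empty output means both ports are rejected for the guest zone.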