Disable internet on tethered WIFI AP

ElectricPim · December 22, 2021 at 7:23 PM

LibreElec 10.0.1 RPI4.

Very happy with it.

How do I disable internet access on a tethered Wifi AP?

I tried

Code

echo 0 > /proc/sys/net/ipv4/ip_forward

but that also disables internet for docker containers.

Can I configure this with connmanctl, or is it a iptables setting?

**chewitt** · December 23, 2021 at 5:59 AM

The tether is intentionally simple with on/off options so I think you will need to fiddle with iptables to block traffic.

ElectricPim · December 30, 2021 at 12:52 PM

Thank you.

And if want use to use an USB WIFI adapter (which I can put on a USB extension cable to get a bit better coverage) instead of the built-in one.

Is that possible?

**chewitt** · December 31, 2021 at 7:26 AM

ConnMan has no method for chosing which WLAN card the tether should run on, so you may need to blacklist driver modules to disable the internal card. Once that's done, it should work, as long as the driver for the USB card supports AP modes; most do, but not all <insert usual statement about garbage realtek drivers>.

ElectricPim · January 3, 2022 at 1:00 PM

Thanks again.

I managed quite easily with just adding an external USB WIFI (RTL8188CUS) dongle, reboot and issuing:

Code

ip link set wlan0 down
iptables -A FORWARD -i tether -o eth0 -j DROP

That should meet my requirements. (Or do I miss something?)

**chewitt** · January 3, 2022 at 6:31 PM

If it works, that's fine