I am having TP-Link WR841Nv11 router and I upgrade it to openwrt for using captive portal. I am using coova-chilli for captive portal. I setup router with 2 ssid's one is for private use and other it will ask to login through captive portal for external users.
Everything is working fine, but the issue is after login through captive portal user can access the routers webpage and also able to ssh. I want to stop users to access router page and ssh as well.
I found answer for my own question. Hopefully, this will be useful for
someone in the future. I made new network interface. Do cahnges in following files.
In /etc/config/network
config interface 'youfi'
option ifname 'eth2'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
option isolate '1'
In /etc/config/dhcp
config dhcp 'youfi'
option interface 'youfi'
option start '50'
option limit '200'
option leasetime '1h'
In /etc/config/firewall
config zone
option name 'youfi'
option forward 'REJECT'
option output 'ACCEPT'
option network 'youfi'
option input 'REJECT'
config forwarding
option dest 'wan'
option src 'youfi'
config rule
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
option name 'youfi DNS'
option src 'youfi'
config rule
option enabled '1'
option target 'ACCEPT'
option name 'youfi DHCP'
option src 'youfi'
option proto 'udp'
option dest_port '67-68'
In /etc/config/wireless
config wifi-iface
option device 'radio0'
option network 'youfi'
option mode 'ap'
option encryption 'none'
option ssid 'abcxyz'
In /etc/config/chilli
Change in this line do br-lan to br-youfi
option dhcpif br-lan
to
option dhcpif br-youfi
and then
/etc/init.d/chilli stop
/etc/init.d/chilli start
It is working as I want.