Router security issue

Hi

I've just found this group, and I hope you can help me figure this out. I want to set up a router with firewall so that it's not possible for a handful of computers all connected to DSL to see each other, even if one tries to do something naughty.

Although I'm au fait with win, networking is one area I've had little experience with.

The end user machines will be assorted specs & OSes, mostly win 98/xp/ vista. The network is all cat5e wired, with cable internet.

thanks, NT

Reply to
meow2222

if I got it right, you mean you want the hosts in your local network not to be able even to ping each other, except the gateway (DSL router/modem, or just the router IP)

if so, you don't need a firewall, you need an access control mechanism (it may be called a firewall, but not exactly)

if you obtain a basic Cisco router with two FastEthernet ports, you can apply the access list rules below:

1) first of all, suppose that fasteth 1 is your WAN (DSL modem) side and fasteth 2 is your local network side
2) suppose that your local network range is 192.168.1.0 / 24 (255.255.255.0) and the gateway is 192.168.1.1
3) enter the commands below in the CLI:

router(config)# access-list 10 permit ip any host 192.168.1.1
router(config)# access-list 10 deny ip any 192.168.1.0 0.0.0.255
router(config)# access-list 10 permit ip any any
router(config)# interface fastethernet 2
router(config-if)# ip access-group 10 in

--------------------------------------------------------------------

the first line allows the packets destined to the gateway (if this rule is matched, then the second line's rule is ignored)
the second line drops the packets destined to the local network
the third line allows other packets wherever they are destined to
the fifth line's command applies access list 10 to FastEthernet interface 2 (may be 1/2) for inbound traffic to that interface.

sorry not to mention other basic configs for router such as ip address, no shut etc.

as another solution for your problem, you can use a computer which runs Linux with two Ethernet cards and deploy it as a router between your local network and the DSL modem. then you have to write a script with IPTABLES as access control like the one above.

good luck

Reply to
tugrul34tr
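
An added example, not part of tugrul34tr's post: a POSIX shell function that writes an iptables-restore ruleset corresponding to the three access-list lines in the reply, for the Linux-router alternative mentioned there. The interface names eth0 (WAN) and eth1 (LAN) and the function name gen_rules are assumptions; the addresses are the ones the reply assumes.

```sh
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset that
# corresponds to the three access-list lines from the reply above.
# Assumptions: eth1 = LAN side, eth0 = WAN (DSL modem) side; gen_rules is a
# name made up for this example. IP forwarding and NAT setup are left out.

# usage: gen_rules LAN_IF WAN_IF LAN_NET GATEWAY_IP
gen_rules() {
    if [ "$#" -ne 4 ]; then
        echo "usage: gen_rules LAN_IF WAN_IF LAN_NET GATEWAY_IP" >&2
        return 2
    fi
    lan_if=$1 wan_if=$2 lan_net=$3 gw_ip=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# router's own loopback traffic and replies to connections it opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# line 1 of the ACL: LAN hosts may reach the gateway address itself
-A INPUT -i $lan_if -s $lan_net -d $gw_ip -j ACCEPT
# line 2: drop LAN packets addressed to any other LAN host (must come first)
-A FORWARD -i $lan_if -d $lan_net -j DROP
# line 3: everything else from the LAN may leave through the WAN interface
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
# replies coming back in for connections the LAN hosts started
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Addresses assumed in the reply; pipe into "iptables-restore --test" as root
# to have the ruleset parsed without being committed.
gen_rules eth1 eth0 192.168.1.0/24 192.168.1.1
```

These rules act only on packets that actually arrive at the router's LAN interface; frames that a switch delivers directly between two hosts on the same segment never reach it.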
