This menu allows you to define LAN-to-LAN traffic where it otherwise would be blocked.

For example, let's say we have two LANs, a primary one (LAN0/br0) and a secondary one (LAN1/br1). If you want devices on LAN0 to communicate with devices on LAN1 (and vice versa), you could use these settings:

On: enables the rule defined on this row of the table.

Src: displays/lets you configure the (Logical) Source LAN for the rule on that row of the table.

Src Address: lets you narrow the rule to a specific IP address/set of addresses within the Src interface.

Dst: here, specify the logical Destination LAN for the rule on this row of the table.

Dst Address: (optionally), narrows the rule to a specific IP address/set of addresses within the Dst interface.

Description: a free text field in which you can enter whatever you wish, such as notes, reminders.

• Before version 2025.5, regardless of LAN Access rules, a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This have been changed from version 2025.5 and newer, now the router LAN interfaces can only be reached from within the same subnet, e.g. a device at 192.168.10.10 can only reach the router at its address on the same subnet e.g. 192.168.10.1.
• All entries in LAN Access are one-way only. For example, if you want hosts on LAN0 to be able to communicate with hosts on LAN1, and vice versa, you'll need two entries in the table to achieve that.
• LAN Access is an IP-level access control. Therefore, all ports/protocols are automatically enabled. If additional fine tuning is needed (for example, you want to allow only allow port 80/TCP) you'll need to manually configure settings instead.