by StavrosK 3137 days ago
I have four Wifi networks: One for me/trusted computers, one for untrusted devices without internet access, one with, and one for guests.

My network can access everything else, the untrusted networks can only initiate connections to my home server on the firmware upgrade port (which is used by devices around the house that I've made and which often look for OTA updates on my server), and the guest network can only access the internet.

2 comments

I would love to hear/see more details on how you set this up. It's something I'd like to do, but I'm not sure where to start (hw, sw, etc).
The wifi? I just got a Tomato-compatible router, there's a section in Tomato where you specify the networks you want. The connections are a few iptables rules, I could write a post at some point.

EDIT: Turns out I don't remember which settings were set by me and which ones the router added by itself. If you have a Tomato router and would like to help me replicate the setup so I can write the post, send me an email (email in profile)!

More details please. This is a glaring security hole in my home that I'd like to address.
I've set up virtual networks in Tomato and multiple Wifi access points, and bound each access point to each network. Then, with iptables rules I've allowed/disallowed connections from/to each. I can write it up if someone helps me reproduce it.
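
The access policy described in this thread, written out as a filter-table ruleset for a generic Linux router. This is an added example, not part of the thread and not the poster's or Tomato's actual configuration. The bridge names (`br0` to `br3`), the uplink name `vlan2`, the server address and the firmware upgrade port are all assumptions or placeholders, and the home server is assumed to sit on the trusted network.

```shell
#!/bin/sh
# Added example. Every interface name, address and port below is an assumption.
TRUSTED_IF=br0          # trusted computers
IOT_LOCAL_IF=br1        # untrusted devices, no internet
IOT_INET_IF=br2         # untrusted devices, internet allowed
GUEST_IF=br3            # guests
WAN_IF=vlan2            # uplink
SERVER_IP=192.168.1.10  # home server on the trusted network (constructed value)
OTA_PORT=8266           # firmware upgrade port (placeholder, not from the thread)

# Print a filter-table ruleset in iptables-restore format.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $TRUSTED_IF -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $TRUSTED_IF -j ACCEPT
EOF
    # Non-trusted segments may use the router itself only for DHCP and DNS.
    for ifc in "$IOT_LOCAL_IF" "$IOT_INET_IF" "$GUEST_IF"; do
        echo "-A INPUT -i $ifc -p udp --dport 67 -j ACCEPT"
        echo "-A INPUT -i $ifc -p udp --dport 53 -j ACCEPT"
        echo "-A INPUT -i $ifc -p tcp --dport 53 -j ACCEPT"
    done
    # Both untrusted segments: new connections only to the server's OTA port.
    for ifc in "$IOT_LOCAL_IF" "$IOT_INET_IF"; do
        echo "-A FORWARD -i $ifc -o $TRUSTED_IF -d $SERVER_IP -p tcp --dport $OTA_PORT -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Internet access for the second untrusted segment and for guests.
    for ifc in "$IOT_INET_IF" "$GUEST_IF"; do
        echo "-A FORWARD -i $ifc -o $WAN_IF -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for review.
gen_ruleset
```

The output can be dry-run with `iptables-restore --test` before loading. NAT for the uplink lives in a separate table and is not covered here.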