I'm trying to troubleshoot the reachability of some hosts on the wifi network. I noticed that someone had disallowed reaching the local LAN. Is there any means of seeing what traffic has been or is being denied by that AP firewall policy?
I can’t remember if denying access to the Local LAN is the default rule on a MR, it could well be. Anyway, the deny traffic to the Local LAN setting on the MR just denies all traffic to the private IP address ranges, so the 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8 blocks.
As for logging, there’s Syslog, but I don’t believe that actually tells you which rule is dropping traffic on the MR, although it may still assist.