diff --git a/includes/firewall.php b/includes/firewall.php
index af7a129e..dc2397cf 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -103,9 +103,9 @@ function configureFirewall() {
 }
 
 function WriteFirewallConf($conf) {
-    $ret = false;
-    if ( is_array($conf) ) $ret = write_php_ini($conf,RASPAP_FIREWALL_CONF);
-    return $ret;
+	$ret = false;
+     	if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
+	return $ret;
 }
 
 
@@ -127,7 +127,7 @@ function ReadFirewallConf() {
        $conf["client-device"] = "";
        $conf["restricted-ips"] = "";
     }
-    
+
 # get openvpn server IP (if existing)
     if ( RASPI_OPENVPN_ENABLED && file_exists(RASPI_OPENVPN_CLIENT_CONFIG) ) {
       exec('cat '.RASPI_OPENVPN_CLIENT_CONFIG.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $ret);
@@ -142,7 +142,7 @@ function ReadFirewallConf() {
     }
 # get wireguard server IP (if existing)
     if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
-# search for endpoint       
+# search for endpoint
     }
     return $conf;
 }
@@ -158,6 +158,13 @@ function DisplayFirewallConfig()
     getWifiInterface();
     $ap_device = $_SESSION['ap_interface'];
     $clients = getClients();
+    $str_clients = "";
+    foreach( $clients["device"] as $dev ) {
+       if ( !$dev["isAP"] ) {
+          if ( !empty($str_clients) ) $str_clients .= ", ";
+          $str_clients .= $dev["name"];
+       }
+    }
     $fw_conf = ReadFirewallConf();
     $fw_conf["ap-device"] = $ap_device;
     $id=findCurrentClientIndex($clients);
@@ -170,13 +177,21 @@ function DisplayFirewallConfig()
         if ( isset($_POST['apply-firewall']) )  $status->addMessage(_('Firewall settings changed'), 'success');
         if ( isset($_POST['firewall-disable']) ) $status->addMessage(_('Firewall is now disabled'), 'warning');
         if ( isset($_POST['save-firewall']) )  $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
+        if ( isset($_POST['excl-devices'])  ) {
+           $excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
+           $excl = str_replace(' ', '', $excl);
+           if ( !empty($excl) && $fw_conf["excl-devices"] != $excl ) {
+               $status->addMessage(_('Exclude devices '. $excl), 'success');
+               $fw_conf["excl-devices"] = $excl;
+           }
+        }
         WriteFirewallConf($fw_conf);
         configureFirewall();
     }
     echo renderTemplate("firewall", compact(
                 "status",
                 "ap_device",
-                "clients",
+                "str_clients",
                 "fw_conf",
                 "ipt_rules")
     );
diff --git a/templates/firewall.php b/templates/firewall.php
index 39e41b71..e20217e4 100644
--- a/templates/firewall.php
+++ b/templates/firewall.php
@@ -18,10 +18,9 @@
         <?php endif ?>
         <div class="row">
           <div class="col-md-6">
-            <p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed.") ?></small></p>
+            <p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed. There are no restrictions for the access point.") ?></small></p>
           </div>
         </div>
-
         <form id="frm-firewall" action="firewall_conf" method="POST" >
           <?php echo CSRFTokenFieldTag(); ?>
           <h5><?php echo _("Exceptions for Services"); ?></h4>
@@ -40,6 +39,16 @@
                 </p>
             </div>
           </div>
+          <h5><?php echo _("Exclusions from the firewall"); ?></h4>
+          <div class="row">
+            <div class="form-group col-md-6">
+                <label for="excl-device"><?php echo _("Exclude device(s)") ?></label>
+                <input class="form-control" id="excl-devices" type="text" name="excl-devices" value="<?php echo $fw_conf["excl-devices"] ?>" aria-describedby="exclusion-description"  >
+                <p class="mb-0" id="exclusion-description">
+                    <small><?php echo _("Exclude the given network device(s) (separated by a comma) from firewall rules.<br>Current client devices: <code>$str_clients</code><br>The access point <code>". $ap_device ."</code> is per default excluded.") ?></small>
+                </p>
+            </div>
+          </div>
           <?php if ($fw_conf["firewall-enable"]) : ?>
               <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Apply changes"); ?>" name="apply-firewall" />
               <input type="submit" class="btn btn-warning firewall-apply" value="<?php echo _("Disable Firewall") ?>"  name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/>
