diff --git a/patches/0071-netifd-backport-bridge_isolate-patches.patch b/patches/0071-netifd-backport-bridge_isolate-patches.patch
new file mode 100644
index 000000000..4f98ae818
--- /dev/null
+++ b/patches/0071-netifd-backport-bridge_isolate-patches.patch
@@ -0,0 +1,263 @@
+From 0455c47e0e042952c00a1bd0df00f0152d193d99 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Wed, 22 Nov 2023 12:16:52 +0100
+Subject: [PATCH] netifd: backport bridge_isolate patches
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ ...-bogus-debug-error-messages-on-addin.patch |  45 +++++
+ ...2-wireless-add-bridge_isolate-option.patch | 190 ++++++++++++++++++
+ 2 files changed, 235 insertions(+)
+ create mode 100644 package/network/config/netifd/patches/0001-system-linux-fix-bogus-debug-error-messages-on-addin.patch
+ create mode 100644 package/network/config/netifd/patches/0002-wireless-add-bridge_isolate-option.patch
+
+diff --git a/package/network/config/netifd/patches/0001-system-linux-fix-bogus-debug-error-messages-on-addin.patch b/package/network/config/netifd/patches/0001-system-linux-fix-bogus-debug-error-messages-on-addin.patch
+new file mode 100644
+index 0000000000..3f1ef587ea
+--- /dev/null
++++ b/package/network/config/netifd/patches/0001-system-linux-fix-bogus-debug-error-messages-on-addin.patch
+@@ -0,0 +1,45 @@
++From 7642eaba383869cab997d2e7ffdb1b58fd536e29 Mon Sep 17 00:00:00 2001
++From: Felix Fietkau <nbd@nbd.name>
++Date: Mon, 20 Nov 2023 18:35:49 +0100
++Subject: [PATCH 1/2] system-linux: fix bogus debug error messages on adding
++ bridge members
++
++Signed-off-by: Felix Fietkau <nbd@nbd.name>
++---
++ system-linux.c | 17 ++++++++++-------
++ 1 file changed, 10 insertions(+), 7 deletions(-)
++
++diff --git a/system-linux.c b/system-linux.c
++index cc1b5e9..96cc993 100644
++--- a/system-linux.c
+++++ b/system-linux.c
++@@ -948,16 +948,19 @@ int system_bridge_addif(struct device *bridge, struct device *dev)
++ 	int tries = 0;
++ 	int ret;
++ 
++-retry:
++-	ret = 0;
++-	oldbr = system_get_bridge(dev->ifname, dev_buf, sizeof(dev_buf));
++-	if (!oldbr || strcmp(oldbr, bridge->ifname) != 0) {
+++
+++	for (tries = 0; tries < 3; tries++) {
+++		ret = 0;
+++		oldbr = system_get_bridge(dev->ifname, dev_buf, sizeof(dev_buf));
+++		if (oldbr && !strcmp(oldbr, bridge->ifname))
+++			break;
+++
++ 		ret = system_bridge_if(bridge->ifname, dev, SIOCBRADDIF, NULL);
++-		tries++;
+++		if (!ret)
+++			break;
+++
++ 		D(SYSTEM, "Failed to add device '%s' to bridge '%s' (tries=%d): %s\n",
++ 		  dev->ifname, bridge->ifname, tries, strerror(errno));
++-		if (tries <= 3)
++-			goto retry;
++ 	}
++ 
++ 	if (dev->wireless)
++-- 
++2.34.1
++
+diff --git a/package/network/config/netifd/patches/0002-wireless-add-bridge_isolate-option.patch b/package/network/config/netifd/patches/0002-wireless-add-bridge_isolate-option.patch
+new file mode 100644
+index 0000000000..2a2378ed38
+--- /dev/null
++++ b/package/network/config/netifd/patches/0002-wireless-add-bridge_isolate-option.patch
+@@ -0,0 +1,190 @@
++From f3e06e81b347bbdec1c6c71603328b6e442728d4 Mon Sep 17 00:00:00 2001
++From: Felix Fietkau <nbd@nbd.name>
++Date: Mon, 20 Nov 2023 19:03:06 +0100
++Subject: [PATCH 2/2] wireless: add bridge_isolate option
++
++This enables the device bridge port isolate flag
++
++Signed-off-by: Felix Fietkau <nbd@nbd.name>
++---
++ device.c                   |  5 +++-
++ scripts/netifd-wireless.sh |  2 ++
++ wireless.c                 | 48 +++++++++++++++++++++++++++-----------
++ wireless.h                 |  2 ++
++ 4 files changed, 42 insertions(+), 15 deletions(-)
++
++diff --git a/device.c b/device.c
++index 199622f..839f7ec 100644
++--- a/device.c
+++++ b/device.c
++@@ -354,7 +354,10 @@ device_init_settings(struct device *dev, struct blob_attr **tb)
++ 	struct ether_addr *ea;
++ 	bool disabled = false;
++ 
++-	s->flags = 0;
+++	if (dev->wireless)
+++		s->flags &= DEV_OPT_ISOLATE;
+++	else
+++		s->flags = 0;
++ 	if ((cur = tb[DEV_ATTR_ENABLED]))
++ 		disabled = !blobmsg_get_bool(cur);
++ 
++diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh
++index 7f088cc..5b852e0 100644
++--- a/scripts/netifd-wireless.sh
+++++ b/scripts/netifd-wireless.sh
++@@ -378,10 +378,12 @@ _wdev_common_device_config() {
++ 
++ _wdev_common_iface_config() {
++ 	config_add_string mode ssid encryption 'key:wpakey'
+++	config_add_boolean bridge_isolate
++ }
++ 
++ _wdev_common_vlan_config() {
++ 	config_add_string name vid iface
+++	config_add_boolean bridge_isolate
++ }
++ 
++ _wdev_common_station_config() {
++diff --git a/wireless.c b/wireless.c
++index 91663e8..654c87e 100644
++--- a/wireless.c
+++++ b/wireless.c
++@@ -63,6 +63,7 @@ enum {
++ 	VIF_ATTR_DISABLED,
++ 	VIF_ATTR_NETWORK,
++ 	VIF_ATTR_NETWORK_VLAN,
+++	VIF_ATTR_BRIDGE_ISOLATE,
++ 	VIF_ATTR_ISOLATE,
++ 	VIF_ATTR_MODE,
++ 	VIF_ATTR_PROXYARP,
++@@ -74,6 +75,7 @@ static const struct blobmsg_policy vif_policy[__VIF_ATTR_MAX] = {
++ 	[VIF_ATTR_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL },
++ 	[VIF_ATTR_NETWORK] = { .name = "network", .type = BLOBMSG_TYPE_ARRAY },
++ 	[VIF_ATTR_NETWORK_VLAN] = { .name = "network_vlan", .type = BLOBMSG_TYPE_ARRAY },
+++	[VIF_ATTR_BRIDGE_ISOLATE] = { .name = "bridge_isolate", .type = BLOBMSG_TYPE_BOOL },
++ 	[VIF_ATTR_ISOLATE] = { .name = "isolate", .type = BLOBMSG_TYPE_BOOL },
++ 	[VIF_ATTR_MODE] = { .name = "mode", .type = BLOBMSG_TYPE_STRING },
++ 	[VIF_ATTR_PROXYARP] = { .name = "proxy_arp", .type = BLOBMSG_TYPE_BOOL },
++@@ -89,6 +91,7 @@ enum {
++ 	VLAN_ATTR_DISABLED,
++ 	VLAN_ATTR_NETWORK,
++ 	VLAN_ATTR_NETWORK_VLAN,
+++	VLAN_ATTR_BRIDGE_ISOLATE,
++ 	VLAN_ATTR_ISOLATE,
++ 	VLAN_ATTR_MCAST_TO_UCAST,
++ 	__VLAN_ATTR_MAX,
++@@ -98,6 +101,7 @@ static const struct blobmsg_policy vlan_policy[__VLAN_ATTR_MAX] = {
++ 	[VLAN_ATTR_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL },
++ 	[VLAN_ATTR_NETWORK] = { .name = "network", .type = BLOBMSG_TYPE_ARRAY },
++ 	[VLAN_ATTR_NETWORK_VLAN] = { .name = "network_vlan", .type = BLOBMSG_TYPE_ARRAY },
+++	[VLAN_ATTR_BRIDGE_ISOLATE] = { .name = "bridge_isolate", .type = BLOBMSG_TYPE_BOOL },
++ 	[VLAN_ATTR_ISOLATE] = { .name = "isolate", .type = BLOBMSG_TYPE_BOOL },
++ 	[VLAN_ATTR_MCAST_TO_UCAST] = { .name = "multicast_to_unicast", .type = BLOBMSG_TYPE_BOOL },
++ };
++@@ -338,6 +342,7 @@ static void wireless_interface_handle_link(struct wireless_interface *vif, const
++ 	struct interface *iface;
++ 	struct blob_attr *cur;
++ 	const char *network;
+++	struct device *dev;
++ 	size_t rem;
++ 
++ 	if (!vif->network || !vif->ifname)
++@@ -346,19 +351,27 @@ static void wireless_interface_handle_link(struct wireless_interface *vif, const
++ 	if (!ifname)
++ 		ifname = vif->ifname;
++ 
++-	if (up) {
++-		struct device *dev = __device_get(ifname, 2, false);
+++	if (!up)
+++		goto out;
++ 
++-		if (dev && !strcmp(ifname, vif->ifname)) {
++-			dev->wireless_isolate = vif->isolate;
++-			dev->wireless_proxyarp = vif->proxyarp;
++-			dev->wireless = true;
++-			dev->wireless_ap = vif->ap_mode;
++-			wireless_device_set_mcast_to_unicast(dev, vif->multicast_to_unicast);
++-			dev->bpdu_filter = dev->wireless_ap;
++-		}
++-	}
+++	dev = __device_get(ifname, 2, false);
+++	if (!dev)
+++		goto out;
++ 
+++	dev->wireless = true;
+++	dev->settings.flags |= DEV_OPT_ISOLATE;
+++	dev->settings.isolate = vif->bridge_isolate;
+++
+++	if (strcmp(ifname, vif->ifname) != 0)
+++		goto out;
+++
+++	dev->wireless_isolate = vif->isolate;
+++	dev->wireless_proxyarp = vif->proxyarp;
+++	dev->wireless_ap = vif->ap_mode;
+++	wireless_device_set_mcast_to_unicast(dev, vif->multicast_to_unicast);
+++	dev->bpdu_filter = dev->wireless_ap;
+++
+++out:
++ 	blobmsg_for_each_attr(cur, vif->network, rem) {
++ 		network = blobmsg_data(cur);
++ 
++@@ -387,6 +400,8 @@ static void wireless_vlan_handle_link(struct wireless_vlan *vlan, bool up)
++ 			dev->wireless = true;
++ 			dev->wireless_ap = true;
++ 			dev->bpdu_filter = true;
+++			dev->settings.flags |= DEV_OPT_ISOLATE;
+++			dev->settings.isolate = vlan->bridge_isolate;
++ 			wireless_device_set_mcast_to_unicast(dev, vlan->multicast_to_unicast);
++ 		}
++ 	}
++@@ -834,8 +849,11 @@ wireless_interface_init_config(struct wireless_interface *vif)
++ 	cur = tb[VIF_ATTR_MODE];
++ 	vif->ap_mode = cur && !strcmp(blobmsg_get_string(cur), "ap");
++ 
+++	cur = tb[VIF_ATTR_BRIDGE_ISOLATE];
+++	vif->bridge_isolate = cur && blobmsg_get_bool(cur);
+++
++ 	cur = tb[VIF_ATTR_ISOLATE];
++-	vif->isolate = vif->ap_mode && cur && blobmsg_get_bool(cur);
+++	vif->isolate = cur && blobmsg_get_bool(cur);
++ 
++ 	cur = tb[VIF_ATTR_PROXYARP];
++ 	vif->proxyarp = vif->ap_mode && cur && blobmsg_get_bool(cur);
++@@ -912,9 +930,11 @@ wireless_vlan_init_config(struct wireless_vlan *vlan)
++ 	if ((cur = tb[VLAN_ATTR_NETWORK_VLAN]))
++ 		vlan->network_vlan = cur;
++ 
+++	cur = tb[VLAN_ATTR_BRIDGE_ISOLATE];
+++	vlan->bridge_isolate = cur && blobmsg_get_bool(cur);
+++
++ 	cur = tb[VLAN_ATTR_ISOLATE];
++-	if (cur)
++-		vlan->isolate = blobmsg_get_bool(cur);
+++	vlan->isolate = cur && blobmsg_get_bool(cur);
++ 
++ 	cur = tb[VLAN_ATTR_MCAST_TO_UCAST];
++ 	vlan->multicast_to_unicast = cur ? blobmsg_get_bool(cur) : -1;
++diff --git a/wireless.h b/wireless.h
++index f8bbd2f..7059723 100644
++--- a/wireless.h
+++++ b/wireless.h
++@@ -90,6 +90,7 @@ struct wireless_interface {
++ 	struct blob_attr *network_vlan;
++ 	bool proxyarp;
++ 	bool isolate;
+++	bool bridge_isolate;
++ 	bool ap_mode;
++ 	int multicast_to_unicast;
++ 	int vlan_idx;
++@@ -110,6 +111,7 @@ struct wireless_vlan {
++ 	struct blob_attr *network_vlan;
++ 	int multicast_to_unicast;
++ 	bool isolate;
+++	bool bridge_isolate;
++ };
++ 
++ struct wireless_station {
++-- 
++2.34.1
++
+-- 
+2.34.1
+