IP Tables and an ASUS RT-AC68P with Merlin WRT

PSPCommOp

Getting the hang of it
Joined
Jun 17, 2016
Messages
694
Reaction score
91
Location
Northeastern PA
Finally took the plunge and decided to try and block outgoing traffic from my cameras. Found this tutorial which seemed to be everything unneeded...
How to block ip camera from accessing the internet

Modified the code to fit each IP cam. Made it executable. Rebooted (twice). Still not sure I did it right and the only way I know how to check is pinging the cameras.

This other tutorial seems to show (about halfway down) that when you write the script to DROP the connection, it should time out when pinged.
The Beginner’s Guide to iptables, the Linux Firewall

I can still ping from my BI PC which I'm sure is what I want since they're on the same switch and wouldn't allow recording otherwise. I tried pinging the phone from my MacBook in terminal which is in the same LAN, but did so over wifi so the ping has to go thru the router and it's coming back with data.

I'm sure it's probably obvious to a lot of the network gurus here but what can I be doing wrong? I've written a few other scripts in nano and vi and they've been successful so I'm not sure what I could have been doing wrong.



Kawboy12R

Known around here
Joined
Nov 18, 2014
Messages
1,771
Reaction score
609
I haven't looked at your links but it should be dirt simple from within your router. There's an option in my Asus to click on a device and choose options, one of which is block from internet access. No need to depend on a script.

This isn't with Merlin though...
 

PSPCommOp

There's a Client List in the Network Map but it just shows the address and the tx/rx rates, doesn't give the option to block. I'm on the newest version of Merlin too.


 

yobigd20

Young grasshopper
Joined
Jun 23, 2016
Messages
45
Reaction score
24
> I tried pinging the phone from my MacBook in terminal which is in the same LAN, but did so over wifi so the ping has to go thru the router and it's coming back with data.

Setting up a firewall rule to block INTERNET access for a machine/device will not stop traffic coming to/from other machines on the same network even if they pass through the same router because those packets are not hitting the WAN firewall at all.


 

PSPCommOp

Thanks for the reply, that was one of my questions since I'm not familiar with this kinda stuff. The one tutorial I saw showed the ping timing out and it looked like it was on the same network so I wasn't sure. I still need to figure out how to check it correctly then.


 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
If you're on the same subnet, your router will not be doing any firewall filtering; this is going to be difficult to test. You'll need to get telnet access to the camera and see if they can reach anything external, or enable firewall logging and try to force the camera to send a test email and see if the logs are blocking it.
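
The firewall-logging check suggested above, sketched as an added example that is not part of the original post or the linked tutorials. It assumes two camera addresses, a WAN interface named `eth0`, a log prefix of `CAM-BLOCK `, and that the router's iptables build includes the LOG target; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example; every address and name below is constructed, not from the thread.
CAMERAS="192.168.1.50 192.168.1.51"  # assumed camera IPs
WAN_IF="${WAN_IF:-eth0}"             # assumed WAN interface name
PREFIX="CAM-BLOCK "                  # tag the LOG target puts in each line

# Print the rules for review instead of applying them. Routed LAN->WAN
# packets traverse FORWARD; same-subnet traffic is bridged and never
# leaves via the WAN interface, so it does not match. -I inserts at the
# top, so DROP goes in first and LOG lands above it.
cam_rules() {
    for ip in $CAMERAS; do
        echo "iptables -I FORWARD -s $ip -o $WAN_IF -j DROP"
        echo "iptables -I FORWARD -s $ip -o $WAN_IF -j LOG --log-prefix \"$PREFIX\""
    done
}

# Read syslog lines on stdin; print "count src dst proto/dport" per blocked flow.
blocked_summary() {
    awk -v tag="$PREFIX" '
        index($0, tag) {
            src = dst = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DST=/)   dst   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            n[src " " dst " " proto "/" dpt]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k2
}

# Constructed log: two SMTP attempts from one camera, one NTP query from
# the other, and an unrelated WAN-side drop that must be ignored.
sample_log() {
cat <<'EOF'
Jun 20 10:15:01 kernel: CAM-BLOCK IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.25 LEN=60 TTL=63 PROTO=TCP SPT=41234 DPT=25
Jun 20 10:15:04 kernel: CAM-BLOCK IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.25 LEN=60 TTL=63 PROTO=TCP SPT=41234 DPT=25
Jun 20 10:16:10 kernel: CAM-BLOCK IN=br0 OUT=eth0 SRC=192.168.1.51 DST=198.51.100.7 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123
Jun 20 10:17:00 kernel: DROP IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=55555 DPT=23
EOF
}

cam_rules
sample_log | blocked_summary
```

A `CAM-BLOCK` entry appearing right after the camera's test email is triggered shows the DROP rule is matching; a ping from another LAN host produces no entry because it never crosses the WAN interface.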
 

PSPCommOp

I believe there is actually a function within the camera to send emails out. I will have to look around in the settings and see if I can find something. It's a HikVis turret so the GUI does have a good bit of features to it.

Thanks for the reply man.


 