BlueIris's built in firewall

Tinman

Tinman

Known around here
Nov 2, 2015
1,338
1,750
USA
After getting my VPN setup on my BI machine I was playing around and noticed that you could limit IP addresses that would connect to BI. Now that I know what my clients range is, I added this into the "Limit IP access" box. This may not suit your needs, but in my case I only have 3 family members who have access to some of my cams, so it was just a little more security. I copied this from BI's help section to show what you can use in the "Limit IP access" box. Also these are just some example numbers in my pic.
fire.JPG

The Limit IP access box provides basic firewall capability for the web server. If left blank, or if there are no specific inclusions, all IP addresses are allowed to connect if not specifically excluded. To add an included IP address or range of addresses, just enter the IP address, optionally preceded by a + (plus). Use the * character in place of a number as a wildcard. To add an excluded IP address or range of addresses, precede the address with a - (minus). Separate multiple addresses with either a comma or a semicolon. Here are some example:

+192.168.*.* allow all typical LAN addresses
-58.*.*.* deny any address beginning with 58.
+68.77.123.1 allow this one specific Internet address
^68.22.1.* allow a range of IP addresses AND skip authentication with admin access (use carefully)
 
  • Like
Reactions: Alimanya, NoloC and bp2008
One more thing this is good for. I used to run "Non-lan only" for authentication so I could view my cameras on smart TV's browser. But once I went to the VPN any of my family were logging in as anonymous and this was not acceptable. So I made my TV have a static IP and then added it in the box posted above with the ^192.168.200.125 and now my TV works with the "All connections" checked.

Further update: evidently after the latest Samsung TV firmware update to my TV I can now logon to my cams through the browser using "Secure only" checked. No need to add the above.
 
Last edited:
  • Like
Reactions: GlennNZ
I tried setting this up this morning and it appears to work quite well. I limited it to a few networks only that I trusted. It appears to have accomplished what I wanted. Prevent my kids from getting on an unsecure network with the Blue Iris Server. It also should cut down on unknown ip's hitting me up for access.
 
Tinman said:
After getting my VPN setup on my BI machine I was playing around and noticed that you could limit IP addresses that would connect to BI. Now that I know what my clients range is, I added this into the "Limit IP access" box. This may not suit your needs, but in my case I only have 3 family members who have access to some of my cams, so it was just a little more security. I copied this from BI's help section to show what you can use in the "Limit IP access" box. Also these are just some example numbers in my pic.
View attachment 16650

The Limit IP access box provides basic firewall capability for the web server. If left blank, or if there are no specific inclusions, all IP addresses are allowed to connect if not specifically excluded. To add an included IP address or range of addresses, just enter the IP address, optionally preceded by a + (plus). Use the * character in place of a number as a wildcard. To add an excluded IP address or range of addresses, precede the address with a - (minus). Separate multiple addresses with either a comma or a semicolon. Here are some example:

+192.168.*.* allow all typical LAN addresses
-58.*.*.* deny any address beginning with 58.
+68.77.123.1 allow this one specific Internet address
^68.22.1.* allow a range of IP addresses AND skip authentication with admin access (use carefully)
Click to expand...

Thank you for this information! In the last few weeks I was having trouble with my BlueIris app not connecting. I have the allowed connections set to only 1 and it would tell me maximum number of allowed users reached. I have the ability to connect to my BlueIris server remotely from work so I would login and check the status log when I got that error. Sure enough there was always an ip address that I did not recognize. I don't think access was gained because frames was always at 0 and I have authentication required for all connections. Anyways, this makes me feel a lot better. I have added an IP range for my cell phone as that address changes from time to time and my local range. Thanks again!
 
You must log in or register to reply here.
Top Bottom