I need your help on how to prevent my webcam from internet access.
The webcam is a cheap one from china with some shady apps... I do not trust them at all. So I want to use it within my Synology Surveillance Station only. The camera was found via ONVIF in my synology station (which is connected to my router via LAN) without any problems and is working just fine.
The webcam is connected via WLAN and is the only device allowed to connect to it (allow listed devices only / mac-addr filter).
Now I added the following rules to my firewall in openwrt luci:
config rule
option src lan
option dest wan
option src_ip 192.168.1.220
option proto all
option target REJECT
config rule
option enabled '1'
option src 'lan'
option dest 'wan'
option name 'Drop_device'
option family 'ipv4'
option proto 'all'
option src_ip '192.168.1.220'
option target 'DROP'
I went one step further, and created a separate "guest like" network for the cameras. This network cannot reach internet or my other networks, but I can reach it from my LAN.
well I cant find an option on luci to create traffic rules... I am only able to edit existing ones but there is no "add" button at the traffic rules section.
Put the new interface (192.168.3.1) in a separate zone. Configure the firewall to permit or deny specific traffic to and from that zone to meet your requirements.