I bought a Foscam IP camera, and I want to disable telnet port 23. The camera is connected to the router, and I can connect to the camera via telnet with my computer through the router. I would like the router to disable the telnet port, making it inaccessible from other devices.
That rule doesn't do anything at all since the source and destination addresses are the same.
Your camera's telnet connection will not be available from the internet, but it will be accessible from your LAN.
If you wish to block your camera's connection to the internet, make the following changes to that rule:
protocol all (or TCP+UDP is fine).
source zone LAN
source address 192.168.1.106 (same as it is now)
destination zone WAN
destination address empty
destination port empty
As I said before, incoming connections are not allowed by default... but the above rule blocks everything that the camera can do on the internet, if that is desired.
You cannot block access to the camera (including telnet) from your LAN because the router/firewall is not involved in LAN-to-LAN connections. If you need to block telnet access from the LAN, as others have already said, you need to set up a VLAN so that you can put the camera on a different network -- at that point, you can block access to telnet (and/or anything else) from your main LAN to the camera.
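The rule fields listed in the reply above, written as a section of `/etc/config/firewall` (an added example, not part of the original posts). The rule name and the `REJECT` target are assumptions, since the thread only says the rule "blocks"; `lan` and `wan` are assumed to be the zone names on this router.

```uci
# /etc/config/firewall (added example, not from the thread)
config rule
	# hypothetical rule name
	option name 'Block-camera-to-WAN'
	# source zone LAN
	option src 'lan'
	# source address: the camera, as given in the thread
	option src_ip '192.168.1.106'
	# destination zone WAN
	option dest 'wan'
	# protocol all
	option proto 'all'
	# assumption: REJECT chosen here; DROP would also block
	option target 'REJECT'
	# dest_ip and dest_port are left unset: any address, any port
```

Running `/etc/init.d/firewall reload` applies the change. This rule only covers traffic the router forwards from the camera to the WAN zone; it does not affect LAN-to-LAN telnet access, which never passes through the firewall.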
That router is really old and cannot be upgraded beyond your current version.
This version is no longer supported and has security vulnerabilities that are not patched. It would be wise to upgrade your hardware such that you can use the latest version.
But anyway, the setup you have will use the swconfig method of configuring VLANs. The link I provided above should hopefully give you an idea of how it all comes together. Start there and ask specific questions where you are confused or having difficulty.
Yes, it is indeed an old version. But I was thinking that I don't necessarily let the camera out to the internet, it's enough if the NAS server records the recordings. But for that I need to ensure that the network is protected, that it cannot be physically attacked, or if it is, that there is a trace of it.
The issue with the older versions (18.06 and earlier in particular) is that they have unpatched vulnerabilities and could present a risk to your network as a whole.
However, that point aside, you can create a VLAN to separate your camera from the other network, and you can selectively filter your cameras from the internet, too.
"they have unpatched vulnerabilities and could present a risk" - what exactly does that mean? If it is not connected to the internet, can it still be hacked? I don't necessarily want to be able to see what is happening in my home. It is important that the system is not physically vulnerable.