Hi experts,
I have an IP cam, so I want to be sure that it doesn't connect automatically to some unknown cloud/external service that I don't manage, bypassing the router in some way; the only traffic allowed should be traffic inside the LAN or from outside (I need to reach the cam, via VPN of course, no public IP:ports).
So, via LUCI I added the following rule:
where the IP is that of the cam.
Is it right? It should block all traffic for every protocol from that IP to outside; at the same time, traffic starting from the opposite direction (wan => ip) should work... right?
Thanks!
ps: is there any way to check/monitor the possible outgoing traffic generated by this cam (the traffic I want to block)?
Running tcpdump -i any host <IP Address> on the router will show all traffic.
You can also activate logging on the firewall rules that would show you either the allowed or blocked traffic in the logs.
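As an added illustration of the monitoring side of the question (not code from either poster), a small Python script that reads tcpdump -n output captured on the router and reports only the flows the camera itself starts towards addresses outside the LAN and VPN subnets. The camera IP, the subnets and the sample capture lines are constructed assumptions, not the original thread's values.

```python
import ipaddress
import re
from collections import Counter

# Assumed values for this example: the cam's address and the subnets that count as "inside".
CAM_IP = "192.168.1.50"
LAN_NETS = [ipaddress.ip_network("192.168.1.0/24"),  # wired LAN
            ipaddress.ip_network("10.8.0.0/24")]     # VPN clients

# Constructed sample of `tcpdump -n -i any host 192.168.1.50` output (not a real capture).
SAMPLE = """\
12:00:01.000001 IP 192.168.1.50.49152 > 192.168.1.1.53: 12345+ A? update.camera-vendor.invalid. (44)
12:00:01.100002 IP 192.168.1.1.53 > 192.168.1.50.49152: 12345 1/0/0 A 203.0.113.10 (60)
12:00:01.200003 IP 192.168.1.50.49153 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:02.000004 IP 10.8.0.2.55000 > 192.168.1.50.554: Flags [S], seq 2, win 64240, length 0
12:00:02.100005 IP 192.168.1.50.554 > 10.8.0.2.55000: Flags [S.], seq 3, ack 3, win 65160, length 0
12:00:03.000006 IP 192.168.1.50.49154 > 198.51.100.7.8883: Flags [S], seq 4, win 64240, length 0
12:00:04.000007 IP 192.168.1.50 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
12:00:05.000008 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
"""

# timestamp, "IP", source token, ">", destination token, ":" (IPv6 and ARP lines are skipped)
LINE_RE = re.compile(r"^\S+ IP (\S+) > (\S+?): ")

def split_host_port(token):
    """Split tcpdump's 'a.b.c.d.port' into (ip, port); ICMP lines carry no port."""
    parts = token.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    if len(parts) == 4:
        return token, None
    return None  # hostname or IPv6 literal: not handled here

def parse_tcpdump_line(line):
    """Return (src_ip, src_port, dst_ip, dst_port) for an IPv4 line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, dst = split_host_port(m.group(1)), split_host_port(m.group(2))
    return None if src is None or dst is None else src + dst

def outbound_flows(capture, cam_ip=CAM_IP, lan_nets=LAN_NETS):
    """Count packets the cam sends to destinations outside lan_nets, keyed by (dst_ip, dst_port)."""
    flows = Counter()
    for line in capture.splitlines():
        parsed = parse_tcpdump_line(line)
        if parsed is None or parsed[0] != cam_ip:
            continue
        dst_ip, dst_port = parsed[2], parsed[3]
        if any(ipaddress.ip_address(dst_ip) in net for net in lan_nets):
            continue  # LAN or VPN peer: this is the traffic the OP wants to keep
        flows[(dst_ip, dst_port)] += 1
    return flows

if __name__ == "__main__":
    for (dst_ip, dst_port), n in sorted(outbound_flows(SAMPLE).items()):
        print(f"cam -> {dst_ip}:{dst_port}  packets={n}")
```

Feed it a real capture with `tcpdump -n -i any host <cam IP> | python3 script.py` style piping once the same rules are in place; every flow it prints after the block rule is active is traffic the rule failed to catch.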
uhm, on the router itself, via console? Or using a Wireshark client on (e.g.) a Windows machine? My cam is wired; there should be some theoretical and valid approach to drop all and only the traffic (generated) from it to outside....
19.07 has port tapping in the switch. It is also possible on 21.02 but not easy for the time being.
You can also use a managed switch to tap the WAN data to a computer with Wireshark.
I personally use an old router that I run the internet line through two unmanaged ports and then tap that data in the router switch to an interface that the scanning computer is connected to.
I put the following (or similar - this is a cut/paste from a backup) into \etc\config\firewall.user (I think that is loaded automatically, but check):
# create a dedicated chain for the camera (harmless error if it already exists on reload)
iptables -N camera_kill_packets
# empty it so re-running the script does not duplicate rules
iptables -F camera_kill_packets
# everything sent to this chain is rejected
iptables -A camera_kill_packets -j REJECT
# send forwarded packets from the camera's MAC address into that chain
iptables -A forwarding_rule -m mac --mac-source 00:aa:bb:cc:dd:ee -j camera_kill_packets
You can then see in the LUCI Status->Firewall how many packets are hitting the camera_kill_packets table, which gives confidence that it is working.