[Solved] Firewall rule to block device from accessing internet

I'm trying to block some PoE cameras from accessing the internet. But I'd like them to have LAN access to an internal time server. Is this the correct configuration? I have the MAC addresses in the advanced tab, so no IP address in this screenshot.

Does this configuration block only LAN to WAN traffic? Do I need a separate one for WAN to LAN traffic, or is that unnecessary? I'm using a program that's on the LAN to proxy the camera stream, so the camera should never get connections from the outside.

Both "drop" and "reject" can be used in this case, right? Reject just works faster, so the camera doesn't have to wait for a timeout to know it doesn't have internet access?

All correct, that will block the cameras from connecting to the internet, and reject is the better option, as you surmised. In OpenWrt the firewall by default rejects new WAN to LAN connections, and if the cameras are on a private network (192.168.X.X for example) then they can't be connected from the WAN without setting up forwarding rules.
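
A shell check that a given camera MAC is covered by an enabled lan-to-wan REJECT or DROP rule, as an added example that is not part of the original posts. The function names, rule names and MAC addresses are made up for illustration; the option names follow OpenWrt's `/etc/config/firewall` syntax, and a rule without an explicit target is not counted.

```shell
#!/bin/sh
# Constructed sample in /etc/config/firewall syntax; the MACs are made up.
sample_config() {
cat <<'EOF'
config rule
	option name 'Block-Cameras-WAN'
	option src 'lan'
	option dest 'wan'
	option proto 'all'
	list src_mac '02:00:00:aa:bb:01'
	list src_mac '02:00:00:AA:BB:02'
	option target 'REJECT'

config rule
	option name 'Old-Camera-Rule'
	option src 'lan'
	option dest 'wan'
	list src_mac '02:00:00:aa:bb:03'
	option target 'DROP'
	option enabled '0'
EOF
}

# mac_blocked MAC: reads a firewall config on stdin and exits 0 only if an
# enabled rule with src=lan, dest=wan and an explicit REJECT or DROP target
# lists MAC in src_mac (compared case-insensitively).
mac_blocked() {
	awk -v want="$1" -v q="'" '
	function close_rule() {
		if (inrule && src == "lan" && dest == "wan" && enabled != "0" &&
		    (target == "REJECT" || target == "DROP") && hit) found = 1
	}
	BEGIN { want = tolower(want) }
	{ gsub(q, "") }                      # drop the quotes around values
	$1 == "config" { close_rule(); inrule = ($2 == "rule")
	                 src = dest = target = enabled = ""; hit = 0; next }
	$2 == "src"     { src = $3 }
	$2 == "dest"    { dest = $3 }
	$2 == "target"  { target = toupper($3) }
	$2 == "enabled" { enabled = $3 }
	$2 == "src_mac" { for (i = 3; i <= NF; i++) if (tolower($i) == want) hit = 1 }
	END { close_rule(); exit(found ? 0 : 1) }
	'
}

# Report on two of the sample MACs: one covered, one only in the disabled rule.
for mac in 02:00:00:AA:BB:01 02:00:00:aa:bb:03; do
	if sample_config | mac_blocked "$mac"; then echo "$mac: blocked"
	else echo "$mac: NOT blocked"; fi
done
```

On the router, feed it the live file instead of the sample, for example `mac_blocked 02:00:00:aa:bb:01 < /etc/config/firewall`.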
