[student13]

Hi Plex server has a vulnerability on ports 32414 and 32410.
If I I enter a simple iptables command to drop connections on ports 32410 32414 would that do the trick ?

iptables -I FORWARD -p tcp --dport 32414 -j DROP
iptables -I FORWARD -p tcp --dport 32410 -j DROP

related article:

https://thehackernews.com/2021/02/cybercriminals-now-using-plex-media.html

https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack

[Alozaros]

those lines will cut off all WAN communication for those ports...and if plex is actively using those, it may not work any more as it should...sry but im not a 'plex' user, you can use MiniDLNA instead, as it runs on router level too....

[kernel-panic69]

I think the premise of the OP was to restrict access to the Plex server from the WAN. Plex is available on many platforms these days. The thing to do is to see if those ports are open from the WAN side with the Plex server running, then figure out what iptables rules work. Isn't the forward chain for sending to the outside world and vice-versa? AFAIK, Plex will run on the LAN without any internet connection whatsoever.

[eibgrad]

Those ports being actively blocked is only relevant if the plex server on the LAN is being forwarded to from the router, whether that's due to UPnP being enabled, or you having configured port forwarding on the GUI.

IOW, any given exploit for some internal device on the LAN is only vulnerable to the internet to the extent that device is actually accessible from the internet.

This is one of the reasons I don't leave UPnP enabled. I don't want LAN clients opening ports on the router behind my back.