Posted: Sun Jul 31, 2022 0:10 Post subject: Block PORT in local network
Hello,
How can I disable PORT usage on one or more local networks (e.g. 192.168.1.1, 192.168.2.1 etc.)? I would like to disable ports 80, 21 and 23 for all devices and users (everyone) participating in network segments.
I want no one on the network to have access to these ports, not even the administrator. Each network belongs to br0; the subnets can see each other's devices. I want no one to be able to telnet and ssh to their devices.
There are 4 networks: 192.168.2.1, 192.168.2.1, 192.168.3.1, 192.168.4.1. If a camera is connected to network 2 (192.168.2.300), it is accessible from all networks, so if someone opens an SSH connection in PuTTY, they can reach it. I entered the code in Administration --> Commands console, but it didn't disable SSH; it still allows the connection.
Mind you, if you access the web interface via HTTP, blocking port 80 will prevent you from accessing the interface via HTTP port 80 from anything under br0 (which includes eth1 and wlan0, and including wlan0.1).
If you're trying to block access to IP cameras, that is a different set of rules. Also, to block access to the router webUI via any other interface that is connected to br0, you should use ebtables instead of iptables. The only requirement is insmod'ing the required ebtables kernel modules in your firewall script. It sounds like you want to block access to or from client devices. The picture is somewhat unclear now from the original premise.
Disable Wireless Access To WebUI not working
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
"If you're trying to block access to IP cameras"
-> Yes, I want to disable it, but only ports 22 and 23. I want it to be accessible only through the web port 443 for all connected devices.
"Also, to block access to the router webUI via any other interface"
-> This was just an idea to force e.g. the web interface of the camera to load only via https.
You've been asked to give router and build information in at least one other thread. Not knowing what router you are using or build or kernel involved, it could be that either you didn't insmod the ebtables modules or that the kernel doesn't have any ebtables functionality compiled in or available. You have to insert the required ebtables modules, otherwise the rules do not work. They are not compiled into the kernel by default. Also, my recommendation is wired IP cameras with their own managed switch.
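The ebtables approach suggested in the replies above, sketched as a firewall-script fragment for ports 22 and 23; this is an added example, not code posted by anyone in the thread. The module names (ebtables, ebtable_filter, ebt_ip) and the premise that client and camera share a subnet on software-bridged ports of br0 are assumptions, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example (not from the thread): drop bridged TCP traffic to SSH/telnet.
# Assumed module names; check what your build actually ships.
EBT_MODULES="ebtables ebtable_filter ebt_ip"
# Ports named in the thread: 22 (SSH) and 23 (telnet).
BLOCKED_PORTS="22 23"

# Print one insmod line per required ebtables module.
gen_module_cmds() {
    for m in $EBT_MODULES; do
        echo "insmod $m"
    done
}

# Print one DROP rule per port; fail on anything that is not a valid port.
gen_rule_cmds() {
    for port in $BLOCKED_PORTS; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        # FORWARD = frames bridged between br0 ports; protocol 6 = TCP.
        echo "ebtables -A FORWARD -p IPv4 --ip-protocol 6 --ip-destination-port $port -j DROP"
    done
}

# Build the full command list first so a bad port applies nothing.
apply_rules() {
    cmds="$(gen_module_cmds && gen_rule_cmds)" || return 1
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$cmds"
    else
        printf '%s\n' "$cmds" | sh
    fi
}

apply_rules
```

ebtables only sees frames that cross the software bridge, so traffic switched between two ports of the same hardware switch never reaches these rules. Confirm the rules loaded with `ebtables -L FORWARD` before relying on them.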