Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Firewall block rule for specific ip addresses
« previous
next »
Print
Pages: [
1
]
Author
Topic: Firewall block rule for specific ip addresses (Read 12095 times)
GRIZZLE33
Newbie
Posts: 2
Karma: 0
Firewall block rule for specific ip addresses
«
on:
July 18, 2018, 05:11:12 am »
I have 5 ip cameras that I do not want to "Phone Home"
I have them on the following IP addresses
192.168.1.15
192.168.1.16
192.168.1.17
192.168.1.18
192.168.1.19
I would like to be able to restrict any outside internet access to them, and allow them to connect to my NVR locally.
I was hoping to add a firewall block rule, however I can't seem to find out how to do that.
Thanks in advance.
Logged
JasMan
Full Member
Posts: 175
Karma: 9
Re: Firewall block rule for specific ip addresses
«
Reply #1 on:
July 18, 2018, 07:42:00 am »
If your NVR is in the same subnet as your IP cams, the easiest way would be to remove the gateway IP address (and maybe DNS) from your IP cams.
Otherwise it depends on how your firewall is configured. Is every IP in your 192.168.1.0 subnet allowed to access the Internet? Than you have to create an deny rule for the group of IPs that are not allowed. The easiest way would be an alias containing those IPs. Move the deny rule before the allowed rule.
You can do this also with one rule. Create an alias (e.g. HTTP_clients) with the IPs, that are allowed to access the Internet. Change your rule from
Source: LAN_net
Destination: Any
Service: HTTP/HTTPS
to
Source: HTTP_clients
Destination: Any
Service: HTTP/HTTPS
You've to add new clients with Internet access to the alias manually then. But it prevents new IoT devices to phone home as soon as you've connected them.
Logged
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Firewall block rule for specific ip addresses