[kwlug-disc] Deny Internet access for some LAN devices
B. S.
bs27975 at gmail.com
Tue Apr 11 22:30:06 EDT 2017
For incoming, if there is no map on the router to them, nothing is
getting to them.
For outgoing, you could put a deny or redirect on the router. 'course,
this prevents firmware updates. (Which I haven't done since purchase
date, on mine.) [I've also never worried about this, but then my cameras
are all external / outward facing.]
You could also put them on a different subnet, physically or virtually.
If nothing else on your net, like your router, is on that subnet, they
ain't going anywhere.
On whatever machines / devices you like, you could do ifconfig eth0:1
192.168.0.1/24 and they would be able to talk to the cameras.
Assuming that machine isn't forwarding, everything remains isolated. You
could do this on the Pi, for example. And on your other machines, or
main router, route add 192.168.0.0/24 gw RaspberryPi
On 04/11/2017 06:08 PM, Raymond Chen wrote:
> I have some cameras in my house. I'm trying to disable their access to
> Internet. Since I have a VPN service on my Raspberry Pi, if I want to
> connect to those cameras, I can connect to the VPN first.
>
> One way I can think of is setting their gateway IP address to empty. But if
> there is a malware on the camera, that doesn't help so much, right?
>
> I'm sure those DD-WRT routers can do that, just create a policy based on
> the MAC... But unfortunately my route is D-Link N600. It has some basic
> firewall, filter features, but most of them are protecting agains outside
> access. Any idea?
>
> Raymond
>
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
More information about the kwlug-disc
mailing list