How to block ip camera from accessing the internet

Code:
######@NAS:/tmp/home/root# /jffs/scripts/IPCamsBlock.sh  status

(IPCamsBlock.sh): 10485 v1.08 I/P Cameras Firewall blocking.... status

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
5      114  7060 MyIPCAMs   all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain MyIPCAMs (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            108.177.112.108      udp dpt:587 /* smtp.gmail.com */
2        0     0 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            108.177.112.109      udp dpt:587 /* smtp.gmail.com */
3        0     0 ACCEPT     tcp  --  br0    eth0    0.0.0.0/0            108.177.112.109      tcp dpt:587 /* smtp.gmail.com */
4        0     0 ACCEPT     tcp  --  br0    eth0    0.0.0.0/0            108.177.112.108      tcp dpt:587 /* smtp.gmail.com */
5        0     0 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:123
6       24  1440 logdrop    all  --  br0    !tun2+  192.168.254.2        0.0.0.0/0
7        0     0 logdrop    all  --  br0    !tun2+  192.168.254.7        0.0.0.0/0
8        0     0 logdrop    all  --  br0    !tun2+  192.168.254.8        0.0.0.0/0
9        0     0 logdrop    all  --  br0    !tun2+  192.168.254.9        0.0.0.0/0

(IPCamsBlock.sh): 10485 I/P Cameras Firewall blocking status request completed.


Code:
Sep 11 17:26:35 (IPCamsBlock.sh): 5956 v1.08 I/P Cameras Firewall blocking.... init mail=smtp.gmail.com:587
Sep 11 17:26:37 (IPCamsBlock.sh): 5956 I/P Cameras Firewall blocking request completed.
Sep 11 17:27:11 (IPCamsBlock.sh): 6234 v1.08 I/P Cameras Firewall blocking.... status
Sep 11 17:27:12 (IPCamsBlock.sh): 6234 I/P Cameras Firewall blocking status request completed.
Sep 11 17:29:10 (IPCamsBlock.sh): 6399 v1.08 I/P Cameras Firewall blocking.... status
Sep 11 17:29:11 (IPCamsBlock.sh): 6399 I/P Cameras Firewall blocking status request completed.
Sep 11 17:34:54 (IPCamsBlock.sh): 6669 v1.08 I/P Cameras Firewall blocking.... status
Sep 11 17:34:55 (IPCamsBlock.sh): 6669 I/P Cameras Firewall blocking status request completed.
Sep 11 17:41:17 (IPCamsBlock.sh): 6987 v1.08 I/P Cameras Firewall blocking.... init
Sep 11 17:41:19 (IPCamsBlock.sh): 6987 I/P Cameras Firewall blocking request completed.
Sep 11 17:44:24 (IPCamsBlock.sh): 7333 v1.08 I/P Cameras Firewall blocking.... init
Sep 11 17:44:26 (IPCamsBlock.sh): 7333 I/P Cameras Firewall blocking request completed.
Sep 11 17:44:31 (IPCamsBlock.sh): 7576 v1.08 I/P Cameras Firewall blocking.... status
Sep 11 17:44:32 (IPCamsBlock.sh): 7576 I/P Cameras Firewall blocking status request completed.
Sep 11 18:00:07 Skynet: [Complete] 115763 IPs / 1438 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 212 Inbound / 0 Outbound Connections Blocked! [save] [7s]
Sep 11 18:10:40 (IPCamsBlock.sh): 8557 v1.08 I/P Cameras Firewall blocking.... status
Sep 11 18:10:41 (IPCamsBlock.sh): 8557 I/P Cameras Firewall blocking status request completed.
Sep 11 18:17:24 dropbear[8857]: Password auth succeeded for '*******' from 192.168.1.136:61574
Sep 11 18:44:59 dropbear[9696]: Password auth succeeded for '*******' from 192.168.1.136:61641
Sep 11 18:46:06 (IPCamsBlock.sh): 9736 v1.08 I/P Cameras Firewall blocking.... init mail=smtp.gmail.com:587 logdrop
Sep 11 18:46:09 (IPCamsBlock.sh): 9736 I/P Cameras Firewall blocking request completed.
Sep 11 18:46:31 dropbear[10018]: Password auth succeeded for '*******' from 192.168.1.136:61643
Sep 11 18:46:46 dropbear[10075]: Password auth succeeded for '*******' from 192.168.1.136:61644
Sep 11 18:47:08 (IPCamsBlock.sh): 10140 v1.08 I/P Cameras Firewall blocking.... init mail=smtp.gmail.com:587 logdrop
Sep 11 18:47:09 (IPCamsBlock.sh): 10140 I/P Cameras Firewall blocking request completed.
Sep 11 18:50:11 (IPCamsBlock.sh): 10485 v1.08 I/P Cameras Firewall blocking.... status
Sep 11 18:50:12 (IPCamsBlock.sh): 10485 I/P Cameras Firewall blocking status request completed.
Sep 11 19:00:07 Skynet: [Complete] 115763 IPs / 1438 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 349 Inbound / 0 Outbound Connections Blocked! [save] [7s]
Sep 11 19:00:09 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=109.248.9.11 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=22013 PROTO=TCP SPT=46622 DPT=49165 SEQ=611451369 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:00:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=146.185.222.50 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=63865 PROTO=TCP SPT=56852 DPT=13096 SEQ=959209032 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:01:29 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=5.188.206.249 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=30873 PROTO=TCP SPT=59023 DPT=3390 SEQ=3825787326 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:01:37 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=5.101.40.252 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21151 PROTO=TCP SPT=41578 DPT=3460 SEQ=575720194 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
 

Err... o_O the above is not the output of

Code:
grep 192.168.254.2 /tmp/syslog.log   | sed 's/SEQ=.*$//;s/LEN=.*DF//'

???
 
Err... o_O the above is not the output of
That was copied from the log file.???
Code:
techhead@NAS:/tmp/home/root# grep 192.168.254.2 /tmp/syslog.log   | sed 's/SEQ=.*$//;s/LEN=.*DF//'
techhead@NAS:/tmp/home/root#
Not sure what you are looking for???

This is the output for the timestamp when I ran the command.

Code:
Sep 11 19:24:53 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=109.248.9.11 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=30227 PROTO=TCP SPT=48083 DPT=19531 SEQ=1005628993 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:25:05 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=71.6.232.2 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34471 DPT=389 SEQ=2782829750 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 11 19:25:20 (IPCamsBlock.sh): 12165 v1.08 I/P Cameras Firewall blocking.... status
Sep 11 19:25:20 (IPCamsBlock.sh): 12165 I/P Cameras Firewall blocking status request completed.
Sep 11 19:25:24 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=195.43.95.189 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=41825 PROTO=TCP SPT=60000 DPT=3393 SEQ=257047097 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:25:58 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=109.248.9.11 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=53306 PROTO=TCP SPT=48083 DPT=16936 SEQ=1862927883 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:25:59 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=146.185.222.35 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=58551 PROTO=TCP SPT=43812 DPT=39693 SEQ=3668765603 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:26:37 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=109.248.9.11 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=42959 PROTO=TCP SPT=48083 DPT=23421 SEQ=3574622379 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:27:46 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=144.217.181.56 DST=x.x.x.x LEN=57 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=UDP SPT=52647 DPT=1293 LEN=37
Sep 11 19:27:51 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=109.248.9.11 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=4556 PROTO=TCP SPT=48083 DPT=22678 SEQ=3574717763 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:28:03 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=146.185.222.60 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=18659 PROTO=TCP SPT=57133 DPT=1848 SEQ=716954562 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 11 19:28:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=c8:1e:e7:88:db:5b:00:17:10:91:0f:a5:08:00 SRC=45.55.2.51 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=47844 DPT=443 SEQ=3154833026 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0

What should the output look like?
 
What should the output look like?

Having enabled the logdrop debug rules, we want to identify what a specific IP camera is trying to access whilst BLOCKED

e.g. In my case IP camera 10.88.8.125
Code:
./IPCamsBlock.sh status

(IPCamsBlock.sh): 24779 v1.09 I/P Cameras Firewall blocking.... status

<snip>
6      162  9720 logdrop    all  --  br0    !tun2+  10.88.8.120          0.0.0.0/0          
7        0     0 logdrop    all  --  br0    !tun2+  10.88.8.121          0.0.0.0/0          
8        0     0 logdrop    all  --  br0    !tun2+  10.88.8.122          0.0.0.0/0          
9      399 23940 logdrop    all  --  br0    !tun2+  10.88.8.123          0.0.0.0/0          
10     317 19020 logdrop    all  --  br0    !tun2+  10.88.8.125          0.0.0.0/0

so I would expect to see Syslog lines such as:
e.g.
Code:
grep 10.88.8.125 /tmp/syslog.log   | sed 's/SEQ=.*$//;s/LEN=.*DF//'

Sep 12 00:39:50 RT-AC68U kern.warn kernel: DROP IN=br0 OUT=eth0 SRC=10.88.8.125 DST=35.169.214.193  PROTO=TCP SPT=51243 DPT=443
Sep 12 00:41:05 RT-AC68U kern.warn kernel: DROP IN=br0 OUT=eth0 SRC=10.88.8.125 DST=35.169.221.250  PROTO=TCP SPT=33884 DPT=443
Sep 12 00:41:06 RT-AC68U kern.warn kernel: DROP IN=br0 OUT=eth0 SRC=10.88.8.125 DST=35.169.221.250  PROTO=TCP SPT=33884 DPT=443
Sep 12 00:41:08 RT-AC68U kern.warn kernel: DROP IN=br0 OUT=eth0 SRC=10.88.8.125 DST=35.169.221.250  PROTO=TCP SPT=33884 DPT=443
What is in your logdrop chain?
Code:
iptables --line -t filter -nvL logdrop
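
The `grep`/`sed` step above, as a per-destination summary of what one camera tried to reach while blocked. This is an added example, not part of the original post or of IPCamsBlock.sh; the function name `summarise_drops` and the `SAMPLE_LOG` lines are constructed for it. It matches the `SRC=` field exactly, because a plain `grep 192.168.254.2` also matches 192.168.254.20 and any line that mentions the address as a destination.

```shell
#!/bin/sh
# Constructed sample in the kernel "DROP" log format shown in this thread.
# 203.0.113.x / 198.51.100.x are documentation addresses, not real hosts.
SAMPLE_LOG='Sep 12 10:48:45 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=43726 DF PROTO=UDP SPT=35640 DPT=53 LEN=40
Sep 12 10:48:50 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.220.220 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=9569 DF PROTO=UDP SPT=49203 DPT=53 LEN=40
Sep 12 10:48:55 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=43947 DF PROTO=UDP SPT=35506 DPT=53 LEN=40
Sep 12 10:49:00 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.220.220 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=9580 DF PROTO=UDP SPT=55033 DPT=53 LEN=40
Sep 12 10:49:05 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=44204 DF PROTO=UDP SPT=35506 DPT=53 LEN=40
Sep 12 10:49:20 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=1201 PROTO=TCP SPT=51243 DPT=443 SEQ=1 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 12 10:49:21 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.20 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=1202 PROTO=TCP SPT=40000 DPT=443 SEQ=1 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 12 10:49:30 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=22013 PROTO=TCP SPT=46622 DPT=3390 SEQ=1 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0'

# summarise_drops CAMERA_IP   (syslog text on stdin)
# Prints "count destination proto/port" for every destination the camera
# was blocked from reaching, busiest first.
summarise_drops() {
    awk -v cam="$1" '
        / DROP / {                       # only the firewall DROP log lines
            src = dst = proto = dpt = ""
            for (i = 1; i <= NF; i++) {  # pick out the KEY=value fields
                if      ($i ~ /^SRC=/)   src   = substr($i, 5)
                else if ($i ~ /^DST=/)   dst   = substr($i, 5)
                else if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            # Exact comparison: 192.168.254.2 must not match 192.168.254.20.
            # Protocols without ports (e.g. ICMP) get "-" as the port.
            if (src == cam) n[dst " " proto "/" (dpt == "" ? "-" : dpt)]++
        }
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarise_drops 192.168.254.2
```

On the router the same function can read the live log: `summarise_drops 192.168.254.2 < /tmp/syslog.log`.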
 
I'm just not getting that output in my Syslog, no idea why??

Code:
techhead@NAS:/tmp/home/root# iptables --line -t filter -nvL logdrop
Chain logdrop (9 references)
num   pkts bytes target     prot opt in     out     source               destination
1     5274  233K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
techhead@NAS:/tmp/home/root#
 
Rundown of how I have things set up

4 Hikvision IP cameras (192.168.254.x) connected directly to the Hikvision PoE NVR's switch side (192.168.254.1). The NVR's network side (192.168.1.15) is connected to a managed network switch (192.168.1.3), which is connected to my ASUS router (192.168.1.1).

Not sure if this complicates things? or even if it matters that the cameras are connected to my NVR?

Finally some results for grep 192.168.1.15 /tmp/syslog.log | sed 's/SEQ=.*$//;s/LEN=.*DF//'

Code:
Sep 12 10:48:45 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=43726 DF PROTO=UDP SPT=35640 DPT=53 LEN=40
Sep 12 10:48:45 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=43727 DF PROTO=UDP SPT=35640 DPT=53 LEN=40
Sep 12 10:48:50 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.220.220 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=9569 DF PROTO=UDP SPT=49203 DPT=53 LEN=40
Sep 12 10:48:50 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.220.220 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=9570 DF PROTO=UDP SPT=49203 DPT=53 LEN=40
Sep 12 10:48:55 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=43947 DF PROTO=UDP SPT=35506 DPT=53 LEN=40
Sep 12 10:48:55 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=43948 DF PROTO=UDP SPT=35506 DPT=53 LEN=40
Sep 12 10:49:00 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.220.220 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=9580 DF PROTO=UDP SPT=55033 DPT=53 LEN=40
Sep 12 10:49:00 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.220.220 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=9581 DF PROTO=UDP SPT=55033 DPT=53 LEN=40
Sep 12 10:49:05 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=44204 DF PROTO=UDP SPT=35506 DPT=53 LEN=40
Sep 12 10:49:05 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=44205 DF PROTO=UDP SPT=35506 DPT=53 LEN=40
Sep 12 10:49:10 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.220.220 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=9768 DF PROTO=UDP SPT=55033 DPT=53 LEN=40
Sep 12 10:49:10 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.220.220 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=9769 DF PROTO=UDP SPT=55033 DPT=53 LEN=40
 
I'm just not getting that output in my Syslog, no idea why??

Code:
techhead@NAS:/tmp/home/root# iptables --line -t filter -nvL logdrop
Chain logdrop (9 references)
num   pkts bytes target     prot opt in     out     source               destination
1     5274  233K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
techhead@NAS:/tmp/home/root#

Although you have now successfully identified how/why the 'logdrop' chain was deliberately sabotaged, I have nevertheless released v1.09 IPCamsBlock.sh to assist novice users by reporting the issue and optionally fixing the deliberate crippling of the intrinsic iptables '-t filter -j logdrop' target.

Also, the updated script now offers the ability to initiate the Syslog scan for the BLOCKED packet attempts from either ALL IP cameras or an individual device.
e.g.
Code:
./IPCamsBlock.sh   logscan   192.168.254.2
 
Finally some results for grep 192.168.1.15 /tmp/syslog.log | sed 's/SEQ=.*$//;s/LEN=.*DF//'

Code:
Sep 12 10:48:45 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=43726 DF PROTO=UDP SPT=35640 DPT=53 LEN=40
Sep 12 10:48:45 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.254.2 DST=208.67.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=43727 DF PROTO=UDP SPT=35640 DPT=53 LEN=40

:D :rolleyes::rolleyes:

Rundown of how I have things set up

4 Hikvision IP cameras (192.168.254.x) connected directly to the Hikvision PoE NVR's switch side (192.168.254.1). The NVR's network side (192.168.1.15) is connected to a managed network switch (192.168.1.3), which is connected to my ASUS router (192.168.1.1).

Not sure if this complicates things? or even if it matters that the cameras are connected to my NVR?

Possibly, but at least my IPCamsBlock.sh script may be able to identify/highlight if there is any explicit blocking of the emails e.g. wrong SMTP server address/Port. o_O
 
Code:
scripts# ./IPCamsBlock.sh   init   mail=smtp.gmail.com:587   logdrop

(IPCamsBlock.sh): 11211 v1.09 I/P Cameras Firewall blocking.... init mail=smtp.gmail.com:587 logdrop

        (IPCamsBlock.sh): 11211 ***ERROR Intrinsic 'iptables -t filter logdrop' chain functionality has been purposely CRIPPLED by ACTIVE SKynet...WTF?!!!

Chain logdrop (9 references)
num   pkts bytes target     prot opt in     out     source               destination
1        2    76 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Code:
Sep 12 13:12:23 (IPCamsBlock.sh): 10875 v1.09 I/P Cameras Firewall blocking.... status
Sep 12 13:12:23 (IPCamsBlock.sh): 10875 I/P Cameras Firewall blocking status request completed.
Sep 12 13:12:46 (IPCamsBlock.sh): 10999 v1.09 I/P Cameras Firewall blocking.... logscan 192.168.254.2
Sep 12 13:12:46 (IPCamsBlock.sh): 10999 BLOCKED traffic for IP Camera 192.168.254.2
Sep 12 13:12:46 (IPCamsBlock.sh): 10999 For IP Camera 192.168.254.2 - BLOCKED traffic Syslog rule count=0
Sep 12 13:12:46 (IPCamsBlock.sh): 10999 I/P Cameras Firewall blocking logscan request completed.
Sep 12 13:13:56 (IPCamsBlock.sh): 11211 v1.09 I/P Cameras Firewall blocking.... init mail=smtp.gmail.com:587 logdrop
Sep 12 13:13:56 (IPCamsBlock.sh): 11211 ***ERROR Intrinsic 'iptables -t filter logdrop' chain functionality has been purposely CRIPPLED by ACTIVE SKynet...WTF?!!!
Sep 12 13:14:22 (IPCamsBlock.sh): 11308 v1.09 I/P Cameras Firewall blocking.... logscan 192.168.254.2
Sep 12 13:14:23 (IPCamsBlock.sh): 11308 BLOCKED traffic for IP Camera 192.168.254.2
Sep 12 13:14:23 (IPCamsBlock.sh): 11308 For IP Camera 192.168.254.2 - BLOCKED traffic Syslog rule count=0
Sep 12 13:14:23 (IPCamsBlock.sh): 11308 I/P Cameras Firewall blocking logscan request completed.
Sep 12 13:14:42 (IPCamsBlock.sh): 11496 v1.09 I/P Cameras Firewall blocking.... init mail=smtp.gmail.com:587 logscan
Sep 12 13:14:43 (IPCamsBlock.sh): 11496 I/P Cameras Firewall blocking request completed.
Sep 12 13:14:52 (IPCamsBlock.sh): 11700 v1.09 I/P Cameras Firewall blocking.... logscan 192.168.254.2
Sep 12 13:14:53 (IPCamsBlock.sh): 11700 BLOCKED traffic for IP Camera 192.168.254.2
Sep 12 13:14:53 (IPCamsBlock.sh): 11700 For IP Camera 192.168.254.2 - BLOCKED traffic Syslog rule count=0
Sep 12 13:14:53 (IPCamsBlock.sh): 11700 I/P Cameras Firewall blocking logscan request completed.
Sep 12 13:15:24 (IPCamsBlock.sh): 11893 v1.09 I/P Cameras Firewall blocking.... status
Sep 12 13:15:25 (IPCamsBlock.sh): 11893 I/P Cameras Firewall blocking status request completed.

Code:
@NAS:/jffs/scripts# ./IPCamsBlock.sh   logscan   192.168.254.2

(IPCamsBlock.sh): 12012 v1.09 I/P Cameras Firewall blocking.... logscan 192.168.254.2


Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
5       15   964 MyIPCAMs   all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain MyIPCAMs (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     udp  --  br0    eth0    anywhere             108.177.112.108      udp dpt:587 /* smtp.gmail.com */
2        0     0 ACCEPT     udp  --  br0    eth0    anywhere             108.177.112.109      udp dpt:587 /* smtp.gmail.com */
3        0     0 ACCEPT     tcp  --  br0    eth0    anywhere             108.177.112.109      tcp dpt:587 /* smtp.gmail.com */
4        0     0 ACCEPT     tcp  --  br0    eth0    anywhere             108.177.112.108      tcp dpt:587 /* smtp.gmail.com */
5        3   228 ACCEPT     udp  --  br0    eth0    anywhere             anywhere             udp dpt:ntp
6       10   600 DROP       all  --  br0    !tun2+  192.168.254.2        anywhere

        **Warning IP Camera '' (192.168.254.2) does not have 'logdrop' enabled for 'logscan' request

(IPCamsBlock.sh): 12012 BLOCKED traffic for IP Camera 192.168.254.2


(IPCamsBlock.sh): 12012 For IP Camera 192.168.254.2 - BLOCKED traffic Syslog rule count=0


(IPCamsBlock.sh): 12012 I/P Cameras Firewall blocking logscan request completed.
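
The two reasons this thread finds for `logscan` reporting `count=0` (a camera rule whose target is plain `DROP`, and a `logdrop` chain left with no `LOG` rule), as one check over `iptables --line -nvL` listings. This is an added example, not part of IPCamsBlock.sh or the original posts; the function names and all three listings are constructed, and the intact `logdrop` listing with a `LOG` rule is an assumption about what an unmodified chain looks like.

```shell
#!/bin/sh
# Constructed listings in `iptables --line -nvL <chain>` format.
CRIPPLED_LOGDROP='Chain logdrop (9 references)
num   pkts bytes target     prot opt in     out     source               destination
1     5274  233K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Assumed shape of an intact chain: log first, then drop.
HEALTHY_LOGDROP='Chain logdrop (9 references)
num   pkts bytes target     prot opt in     out     source               destination
1       12   720 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 7 level 4 prefix "DROP "
2       12   720 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

MYIPCAMS='Chain MyIPCAMs (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        3   228 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:123
2       10   600 DROP       all  --  br0    !tun2+  192.168.254.2        0.0.0.0/0
3       24  1440 logdrop    all  --  br0    !tun2+  192.168.254.7        0.0.0.0/0'

# chain_logs: one chain listing on stdin. Succeeds only if a LOG rule is
# reached before the first rule that discards the packet. It does not
# inspect the LOG rule's match conditions, only its position.
chain_logs() {
    awk '$1 ~ /^[0-9]+$/ {
             if ($4 == "LOG") { found = 1; exit }
             if ($4 == "DROP" || $4 == "REJECT") exit
         }
         END { exit(found ? 0 : 1) }'
}

# camera_target IP: MyIPCAMs listing on stdin. Prints the target of the
# first rule whose source column is exactly IP (nothing if no such rule).
camera_target() {
    awk -v ip="$1" '$1 ~ /^[0-9]+$/ && $9 == ip { print $4; exit }'
}

# diagnose IP MYIPCAMS_LISTING LOGDROP_LISTING
# Prints one word saying whether blocked packets from IP can reach Syslog.
diagnose() {
    target=$(printf '%s\n' "$2" | camera_target "$1")
    case "$target" in
        "")      echo "no-rule" ;;
        logdrop) if printf '%s\n' "$3" | chain_logs
                 then echo "ok"
                 else echo "logdrop-chain-has-no-LOG-rule"
                 fi ;;
        *)       echo "rule-target-is-$target-not-logdrop" ;;
    esac
}

# Stand-alone run over the constructed listings.
diagnose 192.168.254.2 "$MYIPCAMS" "$CRIPPLED_LOGDROP"
diagnose 192.168.254.7 "$MYIPCAMS" "$CRIPPLED_LOGDROP"
```

On the router, pass the live listings instead: `diagnose 192.168.254.2 "$(iptables --line -nvL MyIPCAMs)" "$(iptables --line -nvL logdrop)"`.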
 
Hi, @Martineau I have 1.09 of your script installed and running however I can't get the mail smtp for gmail to work. It is being blocked.

I've read through this thread but honestly I'm not sure what I'm actually reading in the logs as to why it's dropping the mail server request.

Also it seems like after running init mail=smtp.gmail.com:587 and then restarting the script the rule disappears. I'm not sure what I'm doing wrong and would appreciate any help.

Thanks.
 
Hi, @Martineau I have 1.09 of your script installed and running however I can't get the mail smtp for gmail to work. It is being blocked.

I've read through this thread but honestly I'm not sure what I'm actually reading in the logs as to why it's dropping the mail server request.

Also it seems like after running init mail=smtp.gmail.com:587 and then restarting the script the rule disappears.

Can you post the output of these commands
Code:
./IPCamsBlock.sh   status

iptables   --line   -t filter   -nvL   MyIPCAMs
 
Can you post the output of these commands
Code:
./IPCamsBlock.sh   status

iptables   --line   -t filter   -nvL   MyIPCAMs

Sure

./IPCamsBlock.sh status
Code:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination        
10   37862 5200K MyIPCAMs   all  --  br0    *       0.0.0.0/0            0.0.0.0/0          

Chain MyIPCAMs (1 references)
num   pkts bytes target     prot opt in     out     source               destination        
1        0     0 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            74.125.24.108        udp dpt:587 /* smtp.gmail.com */
2        0     0 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            74.125.24.109        udp dpt:587 /* smtp.gmail.com */
3        0     0 ACCEPT     tcp  --  br0    eth0    0.0.0.0/0            74.125.24.109        tcp dpt:587 /* smtp.gmail.com */
4        0     0 ACCEPT     tcp  --  br0    eth0    0.0.0.0/0            74.125.24.108        tcp dpt:587 /* smtp.gmail.com */
5      832 63232 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:123
6     4918  275K DROP       all  --  br0    !tun2+  192.168.0.240        0.0.0.0/0          
7        0     0 DROP       all  --  br0    !tun2+  192.168.0.241        0.0.0.0/0          
8        0     0 DROP       all  --  br0    !tun2+  192.168.0.242        0.0.0.0/0          
9        0     0 DROP       all  --  br0    !tun2+  192.168.0.243        0.0.0.0/0          
10       0     0 DROP       all  --  br0    !tun2+  192.168.0.244        0.0.0.0/0          
11       0     0 DROP       all  --  br0    !tun2+  192.168.0.245        0.0.0.0/0          
12       0     0 DROP       all  --  br0    !tun2+  192.168.0.246        0.0.0.0/0          
13       0     0 DROP       all  --  br0    !tun2+  192.168.0.247        0.0.0.0/0          
14       0     0 DROP       all  --  br0    !tun2+  192.168.0.248        0.0.0.0/0          
15       0     0 DROP       all  --  br0    !tun2+  192.168.0.249        0.0.0.0/0          
16       0     0 DROP       all  --  br0    !tun2+  192.168.0.250        0.0.0.0/0          
17       0     0 DROP       all  --  br0    !tun2+  192.168.1.160        0.0.0.0/0          
18       0     0 DROP       all  --  br0    !tun2+  192.168.1.161        0.0.0.0/0          
19       0     0 DROP       all  --  br0    !tun2+  192.168.1.162        0.0.0.0/0          
20       0     0 DROP       all  --  br0    !tun2+  192.168.1.163        0.0.0.0/0          
21       0     0 DROP       all  --  br0    !tun2+  192.168.1.164        0.0.0.0/0          
22       0     0 DROP       all  --  br0    !tun2+  192.168.1.165        0.0.0.0/0          
23       0     0 DROP       all  --  br0    !tun2+  192.168.1.166        0.0.0.0/0          
24       0     0 DROP       all  --  br0    !tun2+  192.168.1.167        0.0.0.0/0          
25       0     0 DROP       all  --  br0    !tun2+  192.168.1.168        0.0.0.0/0          
26       0     0 DROP       all  --  br0    !tun2+  192.168.1.169        0.0.0.0/0          
27       0     0 DROP       all  --  br0    !tun2+  192.168.1.170        0.0.0.0/0          
(IPCamsBlock.sh): 31422 I/P Cameras Firewall blocking status request completed.

iptables --line -t filter -nvL MyIPCAMs
Code:
/jffs/scripts$ iptables   --line   -t filter   -nvL   MyIPCAMs
Chain MyIPCAMs (1 references)
num   pkts bytes target     prot opt in     out     source               destination        
1        0     0 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            74.125.24.108        udp dpt:587 /* smtp.gmail.com */
2        0     0 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            74.125.24.109        udp dpt:587 /* smtp.gmail.com */
3        0     0 ACCEPT     tcp  --  br0    eth0    0.0.0.0/0            74.125.24.109        tcp dpt:587 /* smtp.gmail.com */
4        0     0 ACCEPT     tcp  --  br0    eth0    0.0.0.0/0            74.125.24.108        tcp dpt:587 /* smtp.gmail.com */
5      833 63308 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:123
6     4924  276K DROP       all  --  br0    !tun2+  192.168.0.240        0.0.0.0/0          
7        0     0 DROP       all  --  br0    !tun2+  192.168.0.241        0.0.0.0/0          
8        0     0 DROP       all  --  br0    !tun2+  192.168.0.242        0.0.0.0/0          
9        0     0 DROP       all  --  br0    !tun2+  192.168.0.243        0.0.0.0/0          
10       0     0 DROP       all  --  br0    !tun2+  192.168.0.244        0.0.0.0/0          
11       0     0 DROP       all  --  br0    !tun2+  192.168.0.245        0.0.0.0/0          
12       0     0 DROP       all  --  br0    !tun2+  192.168.0.246        0.0.0.0/0          
13       0     0 DROP       all  --  br0    !tun2+  192.168.0.247        0.0.0.0/0          
14       0     0 DROP       all  --  br0    !tun2+  192.168.0.248        0.0.0.0/0          
15       0     0 DROP       all  --  br0    !tun2+  192.168.0.249        0.0.0.0/0          
16       0     0 DROP       all  --  br0    !tun2+  192.168.0.250        0.0.0.0/0          
17       0     0 DROP       all  --  br0    !tun2+  192.168.1.160        0.0.0.0/0          
18       0     0 DROP       all  --  br0    !tun2+  192.168.1.161        0.0.0.0/0          
19       0     0 DROP       all  --  br0    !tun2+  192.168.1.162        0.0.0.0/0          
20       0     0 DROP       all  --  br0    !tun2+  192.168.1.163        0.0.0.0/0          
21       0     0 DROP       all  --  br0    !tun2+  192.168.1.164        0.0.0.0/0          
22       0     0 DROP       all  --  br0    !tun2+  192.168.1.165        0.0.0.0/0          
23       0     0 DROP       all  --  br0    !tun2+  192.168.1.166        0.0.0.0/0          
24       0     0 DROP       all  --  br0    !tun2+  192.168.1.167        0.0.0.0/0          
25       0     0 DROP       all  --  br0    !tun2+  192.168.1.168        0.0.0.0/0          
26       0     0 DROP       all  --  br0    !tun2+  192.168.1.169        0.0.0.0/0          
27       0     0 DROP       all  --  br0    !tun2+  192.168.1.170        0.0.0.0/0
 
8        0     0 DROP       all  --  br0    !tun2+  192.168.0.242        0.0.0.0/0       
9        0     0 DROP       all  --  br0    !tun2+  192.168.0.243        0.0.0.0/0       
10       0     0 DROP       all  --  br0    !tun2+  192.168.0.244        0.0.0.0/0       
11       0     0 DROP       all  --  br0    !tun2+  192.168.0.245        0.0.0.0/0       
12       0     0 DROP       all  --  br0    !tun2+  192.168.0.246        0.0.0.0/0       
13       0     0 DROP       all  --  br0    !tun2+  192.168.0.247        0.0.0.0/0       
14       0     0 DROP       all  --  br0    !tun2+  192.168.0.248        0.0.0.0/0       
15       0     0 DROP       all  --  br0    !tun2+  192.168.0.249        0.0.0.0/0       
16       0     0 DROP       all  --  br0    !tun2+  192.168.0.250        0.0.0.0/0       
17       0     0 DROP       all  --  br0    !tun2+  192.168.1.160        0.0.0.0/0       
18       0     0 DROP       all  --  br0    !tun2+  192.168.1.161        0.0.0.0/0       
19       0     0 DROP       all  --  br0    !tun2+  192.168.1.162        0.0.0.0/0       
20       0     0 DROP       all  --  br0    !tun2+  192.168.1.163        0.0.0.0/0       
21       0     0 DROP       all  --  br0    !tun2+  192.168.1.164        0.0.0.0/0       
22       0     0 DROP       all  --  br0    !tun2+  192.168.1.165        0.0.0.0/0       
23       0     0 DROP       all  --  br0    !tun2+  192.168.1.166        0.0.0.0/0       
24       0     0 DROP       all  --  br0    !tun2+  192.168.1.167        0.0.0.0/0       
25       0     0 DROP       all  --  br0    !tun2+  192.168.1.168        0.0.0.0/0       
26       0     0 DROP       all  --  br0    !tun2+  192.168.1.169        0.0.0.0/0       
27       0     0 DROP       all  --  br0    !tun2+  192.168.1.170        0.0.0.0/0

Thanks, so the smtp rules are apparently being correctly created so they don't 'disappear' from the rule display when explicitly using the 'status' directive.

So the question remains, if there have been attempts to use the Gmail TCP/UDP smtp servers then since the rules are global, none appear to have been ACCEPTED by the rules, but if device 192.168.0.240 did attempt to access the Gmail servers, then without additional logging/diagnostics you can't tell.

I suggest you add the 'logdrop' directive for a while, to see if any of the 4929 hits from the chatty 192.168.0.240 device will repeat and possibly track (blocked) Gmail requests.
 

I just remembered I changed my firewall-start script to be "init mail=smtp.gmail.com:587" during testing. I removed that and reverted back to just "./IPCamsBlock.sh init" and now the status doesn't show the gmail, i.e. "disappeared".

Code:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination       
10      24  1388 MyIPCAMs   all  --  br0    *       0.0.0.0/0            0.0.0.0/0         

Chain MyIPCAMs (1 references)
num   pkts bytes target     prot opt in     out     source               destination       
1        0     0 ACCEPT     udp  --  br0    eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:123
2        0     0 logdrop    all  --  br0    !tun2+  192.168.0.240        0.0.0.0/0         
3        0     0 logdrop    all  --  br0    !tun2+  192.168.0.241        0.0.0.0/0         
4        0     0 logdrop    all  --  br0    !tun2+  192.168.0.242        0.0.0.0/0         
5        0     0 logdrop    all  --  br0    !tun2+  192.168.0.243        0.0.0.0/0         
6        0     0 logdrop    all  --  br0    !tun2+  192.168.0.244        0.0.0.0/0         
7        0     0 logdrop    all  --  br0    !tun2+  192.168.0.245        0.0.0.0/0         
8        0     0 logdrop    all  --  br0    !tun2+  192.168.0.246        0.0.0.0/0         
9        0     0 logdrop    all  --  br0    !tun2+  192.168.0.247        0.0.0.0/0         
10       0     0 logdrop    all  --  br0    !tun2+  192.168.0.248        0.0.0.0/0         
11       0     0 logdrop    all  --  br0    !tun2+  192.168.0.249        0.0.0.0/0         
12       0     0 logdrop    all  --  br0    !tun2+  192.168.0.250        0.0.0.0/0         
13       0     0 logdrop    all  --  br0    !tun2+  192.168.1.160        0.0.0.0/0         
14       0     0 logdrop    all  --  br0    !tun2+  192.168.1.161        0.0.0.0/0         
15       0     0 logdrop    all  --  br0    !tun2+  192.168.1.162        0.0.0.0/0         
16       0     0 logdrop    all  --  br0    !tun2+  192.168.1.163        0.0.0.0/0         
17       0     0 logdrop    all  --  br0    !tun2+  192.168.1.164        0.0.0.0/0         
18       0     0 logdrop    all  --  br0    !tun2+  192.168.1.165        0.0.0.0/0         
19       0     0 logdrop    all  --  br0    !tun2+  192.168.1.166        0.0.0.0/0         
20       0     0 logdrop    all  --  br0    !tun2+  192.168.1.167        0.0.0.0/0         
21       0     0 logdrop    all  --  br0    !tun2+  192.168.1.168        0.0.0.0/0         
22       0     0 logdrop    all  --  br0    !tun2+  192.168.1.169        0.0.0.0/0         
23       0     0 logdrop    all  --  br0    !tun2+  192.168.1.170        0.0.0.0/0
(IPCamsBlock.sh): 10045 I/P Cameras Firewall blocking status request completed.

EDIT:

Once I enable logdrop, how can I test the findings in the Syslog or figure out why it's dropping the gmail request?
 
Why not just configure the camera using Parental Control, and not setting any allowed Internet access period?
 
Being able to access the camera feed via VPN when I'm not at home and also being able to allow email alerts to be sent whilst blocking anything else are the primary reasons for using this script.
 
I currently have one camera set up in parental controls and have no issues viewing over VPN.
BUT, the camera had to be taken off my NVR as parental controls could not pick it up by IP address. Once on my regular network, no issue. Email alerts work as intended with just one line added to firewall-start.
 
As per the script's help...use the 'logscan' directive
e.g. to find any entries related to device 192.168.0.240
Code:
./IPCamsBlock.sh logscan 192.168.0.240
or use grep to scan Syslog manually.
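
An added example, not part of the thread or of IPCamsBlock.sh: one way to do the manual Syslog scan, tallying dropped packets per destination and port for a single camera so that blocked port-587 attempts stand out. The log lines are constructed, and the `DROP` prefix and the netfilter `KEY=value` fields are assumptions about what the router's logdrop target writes.

```shell
#!/bin/sh
# Constructed sample Syslog lines (assumed format: "DROP" prefix followed by
# the standard netfilter LOG fields IN= OUT= SRC= DST= PROTO= SPT= DPT=).
sample_log() {
cat <<'EOF'
Sep 12 09:14:02 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.0.240 DST=74.125.24.108 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=587 SYN
Sep 12 09:14:05 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.0.240 DST=74.125.24.108 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=587 SYN
Sep 12 09:14:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.0.240 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=40120 DPT=443 SYN
Sep 12 09:14:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.0.240 DST=203.0.113.10 LEN=48 TTL=63 PROTO=UDP SPT=5000 DPT=8000
Sep 12 09:14:09 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.1.160 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=41000 DPT=443 SYN
Sep 12 09:14:10 dnsmasq-dhcp[251]: DHCPREQUEST(br0) 192.168.0.240 aa:bb:cc:dd:ee:ff
EOF
}

# summarise_drops <camera-ip>
# Reads Syslog on stdin and prints "count PROTO dst:dport", busiest first.
# SRC= is compared as a whole field, so the camera's address appearing as a
# destination or in an unrelated (e.g. DHCP) line is not counted.
summarise_drops() {
    awk -v cam="$1" '
    / DROP / {
        src = dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "SRC") src = v
            else if (k == "DST") dst = v
            else if (k == "PROTO") proto = v
            else if (k == "DPT") dpt = v
        }
        if (src != cam) next
        if (dpt == "") dpt = "-"        # ICMP etc. carry no port
        hits[proto " " dst ":" dpt]++
    }
    END { for (k in hits) print hits[k], k }' | sort -k1,1nr -k2
}

# mail_attempts <camera-ip> <port>
# Number of dropped packets the camera sent to <port> (587 for the Gmail rule).
mail_attempts() {
    summarise_drops "$1" | awk -v p="$2" '
        { n = split($3, a, ":"); if (a[n] == p) c += $1 }
        END { print c + 0 }'
}

# Demo on the constructed lines; on the router, feed the Syslog file instead.
sample_log | summarise_drops 192.168.0.240
```

A non-zero `mail_attempts` count while the smtp ACCEPT rules show 0 packets means the camera's mail traffic is reaching a DROP rule rather than the ACCEPT rules.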
 

Ok I guess I should tackle the problem of the smtp rule not applying and staying applied.

I ran the command
Code:
./IPCamsBlock.sh init mail=smtp.gmail.com:587
followed straight after by
Code:
./IPCamsBlock.sh status
and as you can see below the smtp rules disappear. Am I missing a step or doing something wrong?

Am I supposed to change the firewall-start code?


Code:
/jffs/scripts$ ./IPCamsBlock.sh init mail=smtp.gmail.com:587
(IPCamsBlock.sh): 8551 v1.09 I/P Cameras Firewall blocking.... init mail=smtp.gmail.com:587

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination        
10       0     0 MyIPCAMs   all  --  br0    *       0.0.0.0/0            0.0.0.0/0          

Chain MyIPCAMs (1 references)
num   pkts bytes target     prot opt in     out     source               destination        
1        0     0 ACCEPT     udp  --  br0    eth0    anywhere             sb-in-f108.1e100.net  udp dpt:587 /* smtp.gmail.com */
2        0     0 ACCEPT     udp  --  br0    eth0    anywhere             sb-in-f109.1e100.net  udp dpt:587 /* smtp.gmail.com */
3        0     0 ACCEPT     tcp  --  br0    eth0    anywhere             sb-in-f109.1e100.net  tcp dpt:587 /* smtp.gmail.com */
4        0     0 ACCEPT     tcp  --  br0    eth0    anywhere             sb-in-f108.1e100.net  tcp dpt:587 /* smtp.gmail.com */
5        0     0 ACCEPT     udp  --  br0    eth0    anywhere             anywhere             udp dpt:ntp
6        0     0 DROP       all  --  br0    !tun2+  192.168.0.240        anywhere          
7        0     0 DROP       all  --  br0    !tun2+  192.168.0.241        anywhere          
8        0     0 DROP       all  --  br0    !tun2+  192.168.0.242        anywhere          
9        0     0 DROP       all  --  br0    !tun2+  192.168.0.243        anywhere          
10       0     0 DROP       all  --  br0    !tun2+  192.168.0.244        anywhere          
11       0     0 DROP       all  --  br0    !tun2+  192.168.0.245        anywhere          
12       0     0 DROP       all  --  br0    !tun2+  192.168.0.246        anywhere          
13       0     0 DROP       all  --  br0    !tun2+  192.168.0.247        anywhere          
14       0     0 DROP       all  --  br0    !tun2+  192.168.0.248        anywhere          
15       0     0 DROP       all  --  br0    !tun2+  192.168.0.249        anywhere          
16       0     0 DROP       all  --  br0    !tun2+  192.168.0.250        anywhere          
17       0     0 DROP       all  --  br0    !tun2+  192.168.1.160        anywhere          
18       0     0 DROP       all  --  br0    !tun2+  192.168.1.161        anywhere          
19       0     0 DROP       all  --  br0    !tun2+  192.168.1.162        anywhere          
20       0     0 DROP       all  --  br0    !tun2+  192.168.1.163        anywhere          
21       0     0 DROP       all  --  br0    !tun2+  192.168.1.164        anywhere          
22       0     0 DROP       all  --  br0    !tun2+  192.168.1.165        anywhere          
23       0     0 DROP       all  --  br0    !tun2+  192.168.1.166        anywhere          
24       0     0 DROP       all  --  br0    !tun2+  192.168.1.167        anywhere          
25       0     0 DROP       all  --  br0    !tun2+  192.168.1.168        anywhere          
26       0     0 DROP       all  --  br0    !tun2+  192.168.1.169        anywhere          
27       0     0 DROP       all  --  br0    !tun2+  192.168.1.170        anywhere          
(IPCamsBlock.sh): 8551 I/P Cameras Firewall blocking request completed.

/jffs/scripts$ ./IPCamsBlock.sh init status
(IPCamsBlock.sh): 9357 v1.09 I/P Cameras Firewall blocking.... init status

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination        
10       0     0 MyIPCAMs   all  --  br0    *       0.0.0.0/0            0.0.0.0/0          

Chain MyIPCAMs (1 references)
num   pkts bytes target     prot opt in     out     source               destination        
1        0     0 ACCEPT     udp  --  br0    eth0    anywhere             anywhere             udp dpt:ntp
2        0     0 DROP       all  --  br0    !tun2+  192.168.0.240        anywhere          
3        0     0 DROP       all  --  br0    !tun2+  192.168.0.241        anywhere          
4        0     0 DROP       all  --  br0    !tun2+  192.168.0.242        anywhere          
5        0     0 DROP       all  --  br0    !tun2+  192.168.0.243        anywhere          
6        0     0 DROP       all  --  br0    !tun2+  192.168.0.244        anywhere          
7        0     0 DROP       all  --  br0    !tun2+  192.168.0.245        anywhere          
8        0     0 DROP       all  --  br0    !tun2+  192.168.0.246        anywhere          
9        0     0 DROP       all  --  br0    !tun2+  192.168.0.247        anywhere          
10       0     0 DROP       all  --  br0    !tun2+  192.168.0.248        anywhere          
11       0     0 DROP       all  --  br0    !tun2+  192.168.0.249        anywhere          
12       0     0 DROP       all  --  br0    !tun2+  192.168.0.250        anywhere          
13       0     0 DROP       all  --  br0    !tun2+  192.168.1.160        anywhere          
14       0     0 DROP       all  --  br0    !tun2+  192.168.1.161        anywhere          
15       0     0 DROP       all  --  br0    !tun2+  192.168.1.162        anywhere          
16       0     0 DROP       all  --  br0    !tun2+  192.168.1.163        anywhere          
17       0     0 DROP       all  --  br0    !tun2+  192.168.1.164        anywhere          
18       0     0 DROP       all  --  br0    !tun2+  192.168.1.165        anywhere          
19       0     0 DROP       all  --  br0    !tun2+  192.168.1.166        anywhere          
20       0     0 DROP       all  --  br0    !tun2+  192.168.1.167        anywhere          
21       0     0 DROP       all  --  br0    !tun2+  192.168.1.168        anywhere          
22       0     0 DROP       all  --  br0    !tun2+  192.168.1.169        anywhere          
23       0     0 DROP       all  --  br0    !tun2+  192.168.1.170        anywhere          
(IPCamsBlock.sh): 9357 I/P Cameras Firewall blocking request completed.
 
I ran the command
Code:
./IPCamsBlock.sh init mail=smtp.gmail.com:587
followed straight after by
Code:
./IPCamsBlock.sh status
and as you can see below the smtp rules disappear

I should tackle the problem of the smtp rule not applying and staying applied.

Am I doing something wrong?

YES, as clearly you did not actually physically perform the two commands that you say you used :rolleyes:

There is a difference between
Code:
./IPCamsBlock.sh    status
and
Code:
./IPCamsBlock.sh    init   status

The 'init' directive wipes ALL existing rules (i.e. deletes the MyIPCAMs chain), then recreates the chain using the directives you specify, so is mandatory when the script is first called after a reboot i.e. from firewall-start/nat-start.

The script will always display the rules it creates when the 'init' keyword is used so the 'status' directive is always implied.

Have you now understood what you are doing wrong?
 