When you use the GUI to 'Block Internet Access' for a device either via the Network Map - Client Status panel
e.g.
View attachment 13415
or via the Parental Controls tab, it does (using the MAC address) exactly that.
i.e. it creates the following firewall rule - blocking ALL 'out' interfaces.
However, to allow direct remote Camera viewing via either of the two VPN Servers (without a jump-server on the LAN), then you will need to 'complicate' things by using a script to modify the restrictive Camera blocking rule(s)Code:Chain FORWARD (policy DROP 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 1701 102K DROP all -- br0 * 0.0.0.0/0 0.0.0.0/0 MAC XX:XX:XX:XX:XX:XX
i.e. the GUI created rule should be modified to still block direct WAN access but allow access via either of the two VPN servers:
Code:Chain FORWARD (policy DROP 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 1701 102K DROP all -- br0 !tun2+ 0.0.0.0/0 0.0.0.0/0 MAC XX:XX:XX:XX:XX:XX
see IPCamsBlock.sh
I've re-read this, the thread, & the many links several times, but still trying to figure out how to get this to work, or even where to start ? .
What do I need for this, as I feel I'm still missing something? I have:
-putty.
-skynet.
-have managed to access my router via putty & get skynet working.
-what else do I need, if anything?
All I want to do is be able to block my IP cameras, switch & whatever else from accessing the internet but still be able to access these via VPNServer. I can already do the latter.
Thanks!!