Community discussions

MikroTik App
 
screetch
just joined
Topic Author
Posts: 17
Joined: Thu Dec 30, 2021 11:21 pm

Please help sandbox a camera

Sun Oct 30, 2022 1:40 am

Greetings, please help me with a firewall rule to prevent an IP camera from accessing the wan. These cameras are notorious for calling the EZVIZ home site. The model of router is a Mikrotik hEX PoE. The camera needs to be visible to other machines on the 192.168.1.xxx network.

Normally I keep the cameras on an isolated 192.168.10.xxx network with no gateway using separate NICs, but I need this particular camera on the 192.168.1.xxx network for some toying around with.

Eg:
192.168.1.1 router/gateway
192.168.1.100 IP Camera

Thanks for your help
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14392
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Please help sandbox a camera

Sun Oct 30, 2022 3:25 am

Post your config
/export file=anynameyouwish ( minus serial number and any public WANIP info )
 
mkx
Forum Guru
Forum Guru
Posts: 8955
Joined: Thu Mar 03, 2016 10:23 pm

Re: Please help sandbox a camera

Sun Oct 30, 2022 10:24 am

You could block traffic according to camera's MAC address, hopefully it doesn't do the "random MAC" stupidity.

If your hEX is otherwise on default settings, then you can add a filter rule like this one ... place it below the rule that says "action=drop chain=forward connection-state=invalid" (and substitute the dummy MAC address with the one of your IP camera).
/ip firewall filter
add action=drop chain=forward comment="stewpid camera" out-interface-list=WAN src-mac-address=AA:BB:CC:DD:EE:FF

If you happen to use IPv6, then add the same rule under /ipv6 firewall filter.

Of course there are other ways of accomplishing the mission, I'm sure @anav will come up with a few after you come back with config export and network diagram :wink:
 
screetch
just joined
Topic Author
Posts: 17
Joined: Thu Dec 30, 2021 11:21 pm

Re: Please help sandbox a camera

Tue Dec 13, 2022 9:34 pm

Sorry for the late reply. Thank you very much for your suggestions.

In exporting the config file, would it be best to export only the firewall settings?
Is there a way to paste text into the Terminal command line? Ctrl-V and Ctrl-Shift-V do not seem to work.

Thanks kindly.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14392
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Please help sandbox a camera

Tue Dec 13, 2022 9:42 pm

/export file=anynameyouwish (minus router serial number and any public WAN IP information)

Download the file to your computer.
Open it with notepad++

Copy and paste it to the forum here, and then highlight the text and apply the square code brackets above ( on the same line as Bold Underline etc) the black square with white square brackets.

Who is online

Users browsing this forum: Ahrefs [Bot], dinosgb and 28 guests