Hi, I'm trying to lock down my iptables rules and can't figure out the correct way to script this. In YazFi, I have two/one way to guest and client isolation turned off on all guest networks. I'm able to access a camera from guest network 1 2.4ghz on guest network 1 5ghz using a script with this:
#!/bin/sh
# wl0.1 = guest network 1 (2.4 GHz, camera), wl1.1 = guest network 1 (5 GHz, client)
# camera -> client, any port
iptables -I YazFiFORWARD -i wl0.1 -o wl1.1 -s 192.168.3.29 -d 192.168.2.10 -j ACCEPT
# client -> camera, any port
iptables -I YazFiFORWARD -i wl1.1 -o wl0.1 -s 192.168.2.10 -d 192.168.3.29 -j ACCEPT
I want to only allow access to port 9000 on the camera (192.168.3.29; guest network 1 2.4ghz) to a single IP (192.168.2.10; guest network 1 5ghz). I've tried several variations like this but none of them are working.
#!/bin/sh
# camera -> client, any port (return traffic)
iptables -I YazFiFORWARD -i wl0.1 -o wl1.1 -s 192.168.3.29 -d 192.168.2.10 -j ACCEPT
# client -> camera, TCP port 9000 only
iptables -I YazFiFORWARD -i wl1.1 -o wl0.1 -s 192.168.2.10 -d 192.168.3.29 -p tcp --dport 9000 -j ACCEPT
Reading on the forums, I found this. The only issue with this method is it opens it up to the entire guest network and I want to only allow access to a single IP address.
#!/bin/sh
HOST=192.168.3.29   ## the camera, on wl0.1
PORTS=9000          ## list of space separated port numbers
PROTOCOL=tcp        ## tcp or udp, depending upon needs
for guest in wl1.1 ; do
    # camera -> whole guest network, any port
    iptables -I YazFiFORWARD -i wl0.1 -o $guest -s $HOST -j ACCEPT
    for port in $PORTS ; do
        # whole guest network -> camera, listed ports only
        iptables -I YazFiFORWARD -i $guest -o wl0.1 -p $PROTOCOL --dport $port -d $HOST -j ACCEPT
    done
done
I'm a novice at Linux scripting so I may be missing something here. Is there a better way to do this?
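A tighter version of the rules in the question, as an added example that is not from the original post: it matches both the client and camera addresses, limits the forward direction to TCP 9000, and lets only replies to those connections back, instead of a blanket camera-to-client ACCEPT. The YazFiFORWARD chain, interface names wl0.1/wl1.1 and the addresses are taken from the post; availability of the `-m state` match on the router is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): one client on the 5 GHz guest
# network may reach one port on the camera on the 2.4 GHz guest network, and
# only replies to those connections may travel back.
# Dry run by default: prints the commands. Run with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

CHAIN=YazFiFORWARD
CAM_IF=wl0.1            # guest network 1, 2.4 GHz (assumed interface name)
CAM_IP=192.168.3.29
CLIENT_IF=wl1.1         # guest network 1, 5 GHz (assumed interface name)
CLIENT_IP=192.168.2.10
PORT=9000
PROTO=tcp

# Rule 1: client -> camera, TCP 9000 only. Source AND destination address
# are matched, so the rest of the 5 GHz guest network stays blocked.
client_to_camera() {
    printf '%s' "$CHAIN -i $CLIENT_IF -o $CAM_IF -s $CLIENT_IP -d $CAM_IP \
-p $PROTO --dport $PORT -j ACCEPT"
}

# Rule 2: camera -> client, but only packets belonging to a connection the
# client already opened; the camera cannot start anything towards the client.
camera_to_client() {
    printf '%s' "$CHAIN -i $CAM_IF -o $CLIENT_IF -s $CAM_IP -d $CLIENT_IP \
-p $PROTO --sport $PORT -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Delete any earlier copy, then insert at the top of the chain so the rule
# is evaluated before YazFi's own drop rules. $1 is left unquoted on
# purpose so the rule string splits into individual iptables arguments.
apply_rule() {
    $IPT -D $1 2>/dev/null
    $IPT -I $1
}

apply_rule "$(client_to_camera)"
apply_rule "$(camera_to_client)"
```

Put it in the YazFi custom script location (or firewall-start) so it re-runs after the router rebuilds the chain.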