
Block outgoing and ingoing traffic (from/to wan) for a specific IP address


Leonardo Fiori

Occasional Visitor
I am really a newbie in networking... How to use this panel?
I want to always block that IP from connecting to the WAN and receiving connections from the WAN. On all the ports.

It's a cheap Chinese IP camera (IEGeek). After reading some articles I don't trust it 100% anymore, and instead of using the proprietary P2P connection to see it from outside the LAN, I want to TeamViewer into my always-on laptop that I have here at home, and see it from there. I use it for many thingies and I find it very useful this time. At least I can trust TeamViewer.

Destination of 0.0.0.0 should block everything.


Off topic, but I don't trust Teamviewer after this: https://www.google.com/amp/s/www.theregister.co.uk/AMP/2016/06/01/teamviewer_mass_breach_report/
 
Create two entries, one for TCP and one for UDP.


And leave all the other fields blank? :)

Destination of 0.0.0.0 should block everything.


Off topic, but I don't trust Teamviewer after this: https://www.google.com/amp/s/www.theregister.co.uk/AMP/2016/06/01/teamviewer_mass_breach_report/

Thanks, I will try.

Uhh... that's not good stuff. I hope it was just a trojan built to steal TeamViewer accounts. I always use different passwords, and on that PC I do not have credentials saved. I will set up 2FA auth. Scary stuff but still better than an unencrypted Chinese server! (At least if I do not have any critical information on the PC)
 
But does it also block inbound connections? Or only outgoing?
Both. Technically it's only blocking outgoing traffic but all network traffic is "conversational" so even if somehow there was some incoming traffic any replies would be blocked.
 

Great! So to block just a port on all the IPs I guess I just have to specify the port in port range, and add the rule?
 
Yes. Like it says at the top of that page, if you want to block a device connecting to a HTTP web server you would enter 80 as the destination port.
 

Perfect! Thank you again :)

May I ask another question? Just a small off-topic one haha

My router is getting an automatic IP from the modem integrated in my ISP's antenna.

When I port scan my external IP address I see that there are port 22 and 81 and some other ports open.

I can't close them because they are open in the modem.

I configured them to be closed in my Asus router, tho.

Can I consider that safe? Or do I need to tell this to my ISP?
 
My router is getting an automatic IP from the modem integrated in my ISP's antenna.
I have no personal experience of this specific type of device. Presumably it's some sort of rural wireless internet service.

When I port scan my external IP address I see that there are port 22 and 81 and some other ports open.

I can't close them because they are open in the modem.

...

Can I consider that safe? Or do I need to tell this to my ISP?
That's not that unusual. They're probably required so that the ISP can remotely manage the device (e.g. firmware updates, monitoring, diagnosis, etc.). I wouldn't worry about it.


I configured them to be closed in my Asus router, tho.
That's not necessary. The ports won't be forwarded to your router, and even if they were, all unsolicited incoming traffic is dropped by the router's firewall by default. (I'm not sure how you configured them to be closed on your router.)
 
I'm not sure how you configured them to be closed on your router.

Like this! :)

Great! So to block just a port on all the IPs I guess I just have to specify the port in port range, and add the rule?

___

Presumably it's some sort of rural wireless internet service.

Yup, unfortunately it is.

The ports won't be forwarded to your router

From what I know the external modem has a DMZ pointed to my Asus router's IP... but I don't think it would also forward SSH, otherwise how could they have access to it?
 
Like this! :)
That shouldn't really be necessary. Any unsolicited incoming traffic reaching the router's WAN interface will be dropped by its firewall. The traffic never reaches the LAN. The only way it could get there is if there was a port forwarding rule set up (see System Log - Port Forwarding) that redirected traffic to a particular client.

* Remember, all the Network Services Filter rules are written with the LAN client(s) as the source and the internet server(s) as the destination.
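
A simplified model of the filtering described in this thread, added here as an illustration (it is not code from any of the posts or from the router firmware). It assumes deny entries are checked on every LAN-to-WAN packet, replies included, as the answers above describe; the subnet, addresses, the port forward on 554 and all names are made up for the example.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network
from typing import NamedTuple

LAN = ip_network("192.168.1.0/24")               # assumed LAN subnet
CAMERA, LAPTOP = "192.168.1.50", "192.168.1.20"  # constructed LAN clients
SERVER = "203.0.113.10"                          # constructed internet host
Packet = namedtuple("Packet", "src dst proto dport")

class Rule(NamedTuple):
    """Deny entry: LAN client is the source, internet host the destination."""
    proto: str
    src: str = ""                   # blank = any LAN client
    dst: str = ""                   # blank = any destination
    ports: range = range(1, 65536)  # blank = all ports

    def matches(self, p):
        return (p.proto == self.proto and self.src in ("", p.src)
                and self.dst in ("", p.dst) and p.dport in self.ports)

class Router:
    def __init__(self, deny, port_forwards=()):
        self.deny = list(deny)
        self.port_forwards = set(port_forwards)  # (lan_ip, proto, port)
        self.flows = set()                       # conversations started from the LAN

    def verdict(self, p):
        if ip_address(p.src) in LAN:             # LAN -> WAN: deny list applies
            if any(r.matches(p) for r in self.deny):
                return "DROP"
            self.flows.add((p.src, p.dst, p.proto))
            return "ACCEPT"
        reply = (p.dst, p.src, p.proto) in self.flows   # answer to a LAN-started flow
        forwarded = (p.dst, p.proto, p.dport) in self.port_forwards
        return "ACCEPT" if reply or forwarded else "DROP"

def demo():
    r = Router([Rule("tcp", CAMERA), Rule("udp", CAMERA)],  # one TCP, one UDP entry
               port_forwards=[(CAMERA, "tcp", 554)])        # hypothetical forward
    steps = [("camera_out_tcp", Packet(CAMERA, SERVER, "tcp", 443)),
             ("camera_out_udp", Packet(CAMERA, SERVER, "udp", 32100)),
             ("laptop_out", Packet(LAPTOP, SERVER, "tcp", 443)),
             ("reply_to_laptop", Packet(SERVER, LAPTOP, "tcp", 50000)),
             ("unsolicited_in", Packet(SERVER, LAPTOP, "udp", 5000)),
             ("forwarded_in", Packet(SERVER, CAMERA, "tcp", 554)),
             ("camera_reply", Packet(CAMERA, SERVER, "tcp", 40000))]
    return {name: r.verdict(pkt) for name, pkt in steps}

if __name__ == "__main__":
    print(demo())
```

In this model the forwarded packet reaches the camera but the camera's reply is dropped, so the conversation still fails. A port-only entry such as `Rule("tcp", ports=range(80, 81))` matches every LAN client.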
 

Ok perfect thank you for now!
 
I was looking for the answer to this and I think I found a cleaner solution. In my case I wanted to isolate the entire network LAN to WAN network except for specific IPs and White List was the answer for me. White List blocks ALL traffic to WAN except for the specified list.
 
