Hi everybody!
I'm trying to use iptables to block all ports but one for a specific IP on my LAN.
But I have no luck.
Router : RT-N66U@MERLIN / 192.168.0.1
Device/IP : 192.168.0.133
The IP belongs to a central heating unit which runs a VNC server (@5900), and is able to be controlled via an APP.
As nice as it may be to use the APP, I prefer the VNC option, and don't like having the unit always be connected to the company's cloud server. Besides, the connection has a data limit, so it's bad either way to be always connected.
Right now I use roboCFG to disable the physical ethernet port (and enable/disable it as I need it via ssh), but that's not a real solution, as, as soon as I enable the interface again, the unit phones home to the company server...
To be on the safe side, I also add/remove the virtual server route via ssh, so the VNC server is only reachable on the WAN when I choose it to be.
So what I'm looking for is an iptables setting that blocks ALL but ONE (5900) port for 192.168.0.133.
Also, I need a way to remove this total block via ssh at a later point.
BIG thanks ahead for help!!
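One way to express the rule set asked for above, as an added example that is not part of the original post: a dedicated chain that passes only the device's VNC replies (TCP source port 5900) and drops everything else it sends through the router, plus a clean way to remove it again. The chain name `HEATING_LOCK` and the function names are hypothetical. It assumes the traffic is routed through the router's FORWARD chain, so LAN-to-LAN traffic that is only bridged or switched does not hit these rules.

```shell
#!/bin/sh
# Added example, not from the original post.
IPT="${IPT:-iptables}"   # set IPT=echo for a dry run that only prints the rules
DEV="192.168.0.133"      # heating unit (from the post)
PORT="5900"              # VNC server port (from the post)
CHAIN="HEATING_LOCK"     # hypothetical chain name

lock_on() {
    # Refuse to stack duplicate rules if the chain already exists.
    $IPT -N "$CHAIN" || return 1
    # VNC replies leave the device with source port 5900: hand them back
    # to the router's own FORWARD rules instead of accepting blindly.
    $IPT -A "$CHAIN" -p tcp --sport "$PORT" -j RETURN
    # Anything else the device sends through the router is dropped,
    # which includes its connection to the vendor cloud.
    $IPT -A "$CHAIN" -j DROP
    # Position 1 puts the jump ahead of any existing ESTABLISHED/RELATED accept.
    $IPT -I FORWARD 1 -s "$DEV" -j "$CHAIN"
}

lock_off() {
    # Remove the jump first, then empty and delete the chain.
    $IPT -D FORWARD -s "$DEV" -j "$CHAIN"
    $IPT -F "$CHAIN"
    $IPT -X "$CHAIN"
}

# Usage over ssh: "sh lock.sh on" or "sh lock.sh off" (script name is an assumption).
case "${1:-}" in
    on)  lock_on ;;
    off) lock_off ;;
esac
```

Rules added this way do not survive a reboot or a firewall restart on the router, so they have to be reapplied afterwards.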