Greetings,
My problem: I have a Chromecast, and recently some people found a way to abuse them, since they open several ports to the outside. Google's answer to that was: "the Chromecast is working correctly; the problem is that your router is misconfigured. You need to disable UPnP and the problem will be fixed."
Since I don't want to create several dozen port-forwarding rules for all the computers and devices in my network, disabling UPnP is out of the question (I'm not saying UPnP is safe; I'm saying that asking people who know nothing about computers to disable that feature, to fix a problem that's on Google's side, will cause way more headaches, since nobody tells them that if they disable it, they will need to open the ports manually themselves). And since I (pretty much) trust my devices and the ports they open, it's easier to just create some rules on the router's firewall to block the ports the Chromecast uses (8008, 8009 and 8443).
I made the script and I confirmed that it is running. My question is: is it possible to make the rule so that it only affects a specific internal IP (the Chromecast's IP), so that if in the future I need to use those ports with another device, they will work without me having to delete the rule?
What I have now is:
Code:
#!/bin/sh
# Runs at firewall start-up; leaves a trace in syslog and a marker file
# so it is easy to confirm the script was actually executed.
logger "iptables rule: Block Chromecast"
touch /tmp/000firewall-start
# Drop forwarded (routed) traffic to the Chromecast ports, TCP and UDP.
# Note: -I puts the rule at the top of FORWARD, and these rules apply to
# every destination host, not only the Chromecast.
iptables -I FORWARD -p tcp --dport 8008 -j DROP
iptables -I FORWARD -p udp --dport 8008 -j DROP
iptables -I FORWARD -p tcp --dport 8009 -j DROP
iptables -I FORWARD -p udp --dport 8009 -j DROP
iptables -I FORWARD -p tcp --dport 8443 -j DROP
iptables -I FORWARD -p udp --dport 8443 -j DROP
Can I use "iptables -I FORWARD -p tcp --dport 8008 -d 192.168.2.105 -j DROP"? Does the destination IP in this line work the way I ask? I know a certain port can only be forwarded to one IP address at the same time. But with the -d flag, can I, for example, run a program on my computer that uses port 8008, and will it actually work because it has a different IP from the Chromecast?
Thanks in advance
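The variant asked about above, as an added example that is not part of the original post or the poster's script. Two facts it relies on: a UPnP port forward is a DNAT in the nat table's PREROUTING chain, which runs before the filter table's FORWARD chain, so by the time a packet reaches FORWARD its destination is already the LAN address and "-d 192.168.2.105" matches it; and a rule with "-d" only matches that one host, so another machine with a different LAN address can still receive forwarded traffic on 8008, 8009 or 8443. The script also restricts the rules to the WAN interface, so LAN-side traffic that happens to be routed is not caught, and it checks with "iptables -C" before inserting so that re-running it does not stack duplicate rules. The Chromecast address 192.168.2.105 is taken from the post; the WAN interface name "vlan2" is an assumption (check with "ip route" or, on DD-WRT, "nvram get wan_ifname"), and "-C" needs iptables 1.4.11 or newer.

```shell
#!/bin/sh
# Added example: per-host DROP rules for the Chromecast only.
# Not the poster's original script.

CAST_IP="${CAST_IP:-192.168.2.105}"   # Chromecast LAN address, from the post
WAN_IF="${WAN_IF:-vlan2}"             # assumption: WAN interface name on the router
PORTS="8008 8009 8443"                # Chromecast ports from the post

# Emit one idempotent iptables command per protocol/port. Each rule matches
# only traffic coming in on the WAN interface whose post-DNAT destination is
# the Chromecast, so other LAN hosts using the same ports are unaffected.
# "iptables -C" returns non-zero when the rule is absent, so the rule is
# inserted at most once even if this script runs again.
cast_block_rules() {
    ip="$1"; wan="$2"; shift 2
    for port in "$@"; do
        for proto in tcp udp; do
            rule="FORWARD -i $wan -p $proto -d $ip --dport $port -j DROP"
            printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$rule" "$rule"
        done
    done
}

# Count the rules that would be generated (6 for three ports, TCP and UDP).
cast_rule_count() {
    cast_block_rules "$@" | wc -l | tr -d ' '
}

# Apply only when explicitly asked to (APPLY=1, as root on the router);
# otherwise print the commands so they can be reviewed first.
if [ "${APPLY:-0}" = "1" ]; then
    cast_block_rules "$CAST_IP" "$WAN_IF" $PORTS | sh
else
    cast_block_rules "$CAST_IP" "$WAN_IF" $PORTS
fi
```

Run it once without APPLY=1 to review the six commands, then with APPLY=1 from the firewall start-up hook. To confirm the Chromecast is the only host covered, list the chain with "iptables -L FORWARD -n --line-numbers": every inserted rule should show 192.168.2.105 in the destination column and nothing in the other ports' rows for any other address.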