Greetings, please help me with a firewall rule to prevent an IP camera from accessing the WAN. These cameras are notorious for calling the EZVIZ home site. The model of router is a MikroTik hEX PoE. The camera needs to be visible to other machines on the 192.168.1.xxx network.
Normally I keep the cameras on an isolated 192.168.10.xxx network with no gateway using separate NICs, but I need this particular camera on the 192.168.1.xxx network for some toying around with.
E.g.:
192.168.1.1 router/gateway
192.168.1.100 IP Camera
You could block traffic according to camera’s MAC address, hopefully it doesn’t do the “random MAC” stupidity.
If your hEX is otherwise on default settings, then you can add a filter rule like this one … place it below the rule that says “action=drop chain=forward connection-state=invalid” (and substitute the dummy MAC address with the one of your IP camera).
If you happen to use IPv6, then add the same rule under /ipv6 firewall filter.
Of course there are other ways of accomplishing the mission; I’m sure @anav will come up with a few after you come back with config export and network diagram.
Sorry for the late reply. Thank you very much for your suggestions.
In exporting the config file, would it be best to export only the firewall settings?
Is there a way to paste text into the Terminal command line? Ctrl-V and Ctrl-Shift-V do not seem to work.
/export file=anynameyouwish (minus router serial number and any public WAN IP information)
Download the file to your computer.
Open it with Notepad++.
Copy and paste it to the forum here, and then highlight the text and apply the square code brackets above (on the same line as Bold, Underline, etc.), the black square with white square brackets.
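An added example (not posted by anyone in this thread): a small check that reads the text of an `/export` file and reports whether a forward-chain drop rule for the camera's MAC exists and sits below the "drop invalid" rule, as the reply above advises. The sample export, the placeholder MAC `AA:BB:CC:DD:EE:FF`, the `out-interface-list=WAN` match and the function names are all assumptions made for illustration.

```python
import shlex

# Constructed sample of a RouterOS "/export" (not taken from the thread).
# AA:BB:CC:DD:EE:FF is a placeholder MAC; out-interface-list=WAN assumes the
# interface list created by the default configuration.
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=accept chain=forward comment="defconf: accept established" \
    connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward out-interface-list=WAN \
    src-mac-address=AA:BB:CC:DD:EE:FF
/ip service
set telnet disabled=yes
'''

def filter_rules(export_text, section="/ip firewall filter"):
    """Return the 'add' rules of one export section as dicts, in file order."""
    text = export_text.replace("\\\n", " ")  # join backslash-continued lines
    rules, active = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            active = (line == section)
        elif active and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:])
            rules.append({p[0]: p[1] for p in pairs if len(p) == 2})
    return rules

def camera_block_status(export_text, mac, section="/ip firewall filter"):
    """'ok', 'misplaced' (not below drop-invalid) or 'missing'."""
    rules = [r for r in filter_rules(export_text, section)
             if r.get("chain") == "forward"]
    invalid = next((i for i, r in enumerate(rules)
                    if r.get("action") == "drop"
                    and r.get("connection-state") == "invalid"), None)
    block = next((i for i, r in enumerate(rules)
                  if r.get("action") == "drop"
                  and r.get("src-mac-address", "").upper() == mac.upper()), None)
    if block is None:
        return "missing"
    if invalid is None or block < invalid:
        return "misplaced"
    return "ok"

if __name__ == "__main__":
    print(camera_block_status(SAMPLE_EXPORT, "aa:bb:cc:dd:ee:ff"))
```

If IPv6 is in use, pass `section="/ipv6 firewall filter"` to run the same check against that table.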