Block Internet Access for IP (I thought I knew how but...)


I just wanted to block ALL traffic from a GREEN IP to the RED interface. I thought I knew how to build the rule and what I have blocks websites but all other traffic goes through. Please see image. This is rule #1 in my list. I’m trying to block a camera and the feed flows to the Internet as if there was no rule.

Frustrated, I used SSH and issued the iptables rule that simply got the job done.
iptables -A INPUT -i eth1 -s -j DROP
I updated firewall.local with this for permanence (start / stop).

There must be some precedence-order thing I’m overlooking because this, which can be easily done from BASH, should be possible in IPFire’s GUI with no problems.

Please educate me, ridicule me, whatever…

I thank you all for any help you can provide.

Oh, by the way:
For context: I’m using Core Update 141 - wrestling with DNS issues


Change the destination standard networks to ANY.


Thank you for the suggestion! I went back and assigned my camera a different IP (because iptables was blocking it) so I could test the new rule. I tried the “ANY” setting yesterday with no joy and decided to try it again because you were kind enough to suggest it.

Here’s what I realized. In short, it worked, and this is why it didn’t yesterday… When these cameras are on they make a persistent connection to the manufacturer’s web service. When I put the rule in place I simply stopped and started the app thinking that was a good test when, in fact, the camera was still connected. As you know, a new rule does not affect ongoing connections so I wrongly thought the rule was not working.

Thank you for the help!!

  • Phil
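The last post traces the failed test to the camera's connection that was already open when the rule went in. As an added example (not from the thread or from IPFire), this script lists the connection-tracking entries a host still holds as originator, so a new block rule can be tested against a fresh connection. It assumes the `conntrack -L` line format from conntrack-tools; all addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find flows a newly blocked host opened BEFORE the rule existed.
# Assumption: input lines look like `conntrack -L` output (conntrack-tools).

# surviving_flows SRC_IP
# Reads conntrack lines on stdin and prints "proto dst:dport state" for each
# flow whose ORIGINAL-direction source is SRC_IP. Only the first src=/dst=/dport=
# on a line is used; the second set is the reply direction, so flows where the
# host is merely the destination are not reported.
surviving_flows() {
    awk -v ip="$1" '
    {
        osrc = ""; odst = ""; odport = ""
        state = ($4 ~ /=/) ? "-" : $4      # UDP entries carry no state column
        for (i = 1; i <= NF; i++) {
            if (osrc == "" && $i ~ /^src=/)     osrc   = substr($i, 5)
            if (odst == "" && $i ~ /^dst=/)     odst   = substr($i, 5)
            if (odport == "" && $i ~ /^dport=/) odport = substr($i, 7)
        }
        if (osrc == ip) printf "%s %s:%s %s\n", $1, odst, odport, state
    }'
}

# flush_flows SRC_IP
# Deletes tracked entries originated by SRC_IP so the next packet is evaluated
# against the current rule set. Needs root and the conntrack binary on the box.
flush_flows() {
    conntrack -D -s "$1"
}

# Constructed sample table: 192.168.1.50 plays the camera, 203.0.113.10 the
# vendor service, 192.168.1.20 a LAN viewer connecting TO the camera.
sample_table() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=51234 dport=443 src=203.0.113.10 dst=198.51.100.2 sport=443 dport=51234 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.50 dst=192.168.1.1 sport=40000 dport=53 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=40000 mark=0 use=1
tcp      6 300 ESTABLISHED src=192.168.1.20 dst=192.168.1.50 sport=50000 dport=554 src=192.168.1.50 dst=192.168.1.20 sport=554 dport=50000 [ASSURED] mark=0 use=1
EOF
}

# Demo on the constructed table; on a live firewall, pipe `conntrack -L` in instead.
sample_table | surviving_flows 192.168.1.50
```

If the listing is non-empty after the rule is added, either power-cycle the device or run `flush_flows` for its address before judging whether the rule works.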