1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Block Upnp over OpenVPN bridge Tap11

Discussion in 'Tomato Firmware' started by kthaddock, Feb 7, 2012.

  1. kthaddock

    kthaddock Network Guru Member

    Need som help with this:
    How to setup Upnp?
    I want to block client-Upnp from my other subnet, It's connected with openvpn TAP and TCP.

    I have blocked DHCP-request but UPnP still working from other subnet.

    kthaddock
     
  2. lancethepants

    lancethepants Network Guru Member

    I modded these from the DHCP thread. Try them out and let me know.
    http://linksysinfo.org/index.php?threads/block-dhcp-over-openvpn-bridge.36739/

    UPNP

    ebtables -A INPUT --in-interface tapX --protocol ipv4 --ip-protocol udp --ip-destination-port 1900 -j DROP
    ebtables -A INPUT --in-interface tapX --protocol ipv4 --ip-protocol udp --ip-source-port 1900 -j DROP
    ebtables -A FORWARD --out-interface tapX --protocol ipv4 --ip-protocol udp --ip-destination-port 1900 -j DROP
    ebtables -A FORWARD --out-interface tapX --protocol ipv4 --ip-protocol udp --ip-source-port 1900 -j DROP

    NAT-PMP

    ebtables -A INPUT --in-interface tapX --protocol ipv4 --ip-protocol udp --ip-destination-port 5351 -j DROP
    ebtables -A INPUT --in-interface tapX --protocol ipv4 --ip-protocol udp --ip-source-port 5351 -j DROP
    ebtables -A FORWARD --out-interface tapX --protocol ipv4 --ip-protocol udp --ip-destination-port 5351 -j DROP
    ebtables -A FORWARD --out-interface tapX --protocol ipv4 --ip-protocol udp --ip-source-port 5351 -j DROP
     
    alfred likes this.
  3. kthaddock

    kthaddock Network Guru Member

    Okey Thanks!
    I test this later on, not have time just now.

    Ps: DHCP- line working !

    kthaddock
     
  4. kthaddock

    kthaddock Network Guru Member

    Yes this working very good, UPNP and DHCP are blocked on Tap11 line. ;) From Other side, Tap 21 same results. ;)
    Maby something to Toastmans TuT:s
     

Share This Page