
General • Re: Chromecast firewall rules

You will have to somehow allow the reverse connection obviously.

You can make the thing a bit more secure by using something a bit like port knocking:
* add a dst-address-list criterion to your rule for port 8010
* populate this address list based on packets flowing to your ChromeCast control ports 8008-8009 with action=add-src-to-address-list with some appropriate timeout (e.g. 30s)
* you probably want this add-to-address list thingy to renew the timeout for each control packet (not just new connections) so you will probably want to place it before your established/related rule; also if you do this, you will probably want to selectively disable fasttrack for the control connections
Thanks, this is along the lines of what I was thinking. Will have a play to see if it works.

Btw: @Larsa The reason for not giving full access is firstly, that's a DHCP client, and while I could statically define a client, I have used this as an example. There are many clients on the trusted network that can initiate streaming, but I'd rather not allow full access from untrusted, even if it is limited to one port. The key reason I have these devices on untrusted is because I don't trust them. Things like set top boxes and appliances that are put into the field and are not patched/updated regularly.

Statistics: Posted by kanwhoa — Mon Apr 07, 2025 3:42 am
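
The port-knocking-style approach discussed in this post, sketched as RouterOS filter rules. This is an added example, not configuration posted by anyone in the thread; the subnets, the Chromecast address, the address list name and the use of TCP on all three ports are assumptions.

```routeros
# Added example, not from the thread. Constructed values (assumptions):
#   192.168.10.0/24 = trusted LAN, 192.168.20.50 = Chromecast on the untrusted LAN,
#   cast-clients    = address list name, TCP for ports 8008-8009 and 8010.
# "add" appends in order; on a router with existing rules, keep this relative
# order (rules 1-2 above fasttrack and established/related).
/ip firewall filter

# 1. Every control packet from a trusted client to the Chromecast (re)adds the
#    client to the list and resets the 30s timeout. This action does not end
#    rule processing, so the packet continues to rule 2.
add chain=forward action=add-src-to-address-list address-list=cast-clients \
    address-list-timeout=30s protocol=tcp src-address=192.168.10.0/24 \
    dst-address=192.168.20.50 dst-port=8008-8009 comment="cast: refresh list"

# 2. Accept control traffic in both directions before the fasttrack rule, so
#    these connections are never fasttracked and every packet still hits rule 1.
add chain=forward action=accept protocol=tcp src-address=192.168.10.0/24 \
    dst-address=192.168.20.50 dst-port=8008-8009 comment="cast: control"
add chain=forward action=accept protocol=tcp connection-state=established \
    src-address=192.168.20.50 dst-address=192.168.10.0/24 src-port=8008-8009 \
    comment="cast: control replies"

# 3. Generic fasttrack and established/related handling for everything else.
add chain=forward action=fasttrack-connection connection-state=established,related
add chain=forward action=accept connection-state=established,related

# 4. Reverse connection: the Chromecast may open port 8010 only towards clients
#    that sent it control traffic within the last 30s.
add chain=forward action=accept protocol=tcp connection-state=new \
    src-address=192.168.20.50 dst-address-list=cast-clients dst-port=8010 \
    comment="cast: reverse connection to recent controllers"

# 5. Anything else the Chromecast initiates towards the trusted LAN is dropped.
add chain=forward action=drop src-address=192.168.20.50 \
    dst-address=192.168.10.0/24 comment="cast: drop other untrusted->trusted"
```

Entries in `cast-clients` can be watched with `/ip firewall address-list print where list=cast-clients` while a cast session is started, to confirm the timeout is being refreshed.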


