Ultimately, I want to use my Pi with the camera module and likely sensor module to detect someone, then record a clip.
- the basic principle of this: https://projects.raspberrypi.org/en/pro ... t-detector
But with one slight tweak, I’d like to view the camera remotely too. So, it’s important that the firewall is configured well to avoid unsolicited access.
Below is my current configuration. The idea being:
INBOUND – HTTP/S Allow, SSH on LAN Allow, all other deny.
OUTBOUND – I did want the same but I'm struggling with getting this set up.
When I use something like:
sudo ufw default deny outgoing
It blocks everything despite adding rules to allow HTTP/S. I thought the above with a specific rule to allow HTTP/S would do the trick but apparently not.
Essentially, all this boils down to: can you review the following rules and confirm they're serving a purpose and not just undermining themselves?
Secondly, suggest how I can have a more desirable configuration (desirable in the sense of more secure)? Have I left any gaps/weaknesses? With the consideration of an IP camera down the line.
Thirdly, after hearing my intentions, can you help me establish a good outgoing rule(s)?
To                         Action      From
--                         ------      ----
443                        ALLOW       Anywhere
80                         ALLOW       Anywhere
1:21/tcp                   DENY        Anywhere
1:21/udp                   DENY        Anywhere
23:79/tcp                  DENY        Anywhere
23:79/udp                  DENY        Anywhere
81:442/udp                 DENY        Anywhere
81:442/tcp                 DENY        Anywhere
444:65535/tcp              DENY        Anywhere
444:65535/udp              DENY        Anywhere
22                         ALLOW       192.168.0.0/16
443 (v6)                   ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
1:21/tcp (v6)              DENY        Anywhere (v6)
1:21/udp (v6)              DENY        Anywhere (v6)
23:79/tcp (v6)             DENY        Anywhere (v6)
23:79/udp (v6)             DENY        Anywhere (v6)
81:442/udp (v6)            DENY        Anywhere (v6)
81:442/tcp (v6)            DENY        Anywhere (v6)
444:65535/tcp (v6)         DENY        Anywhere (v6)
444:65535/udp (v6)         DENY        Anywhere (v6)
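
Added example, not part of the original post: a small first-match evaluator run over the IPv4 rows listed above, to check whether the DENY ranges change any decision and what happens to port 22. It assumes rules are evaluated in the listed order with the first match winning; the default incoming policy is not shown in the post, so it is passed in as a parameter, and the two source addresses are constructed samples (one LAN, one outside).

```python
import ipaddress

# Constructed from the IPv4 rows of the status listing above, in the same order.
STATUS = """443 ALLOW Anywhere
80 ALLOW Anywhere
1:21/tcp DENY Anywhere
1:21/udp DENY Anywhere
23:79/tcp DENY Anywhere
23:79/udp DENY Anywhere
81:442/udp DENY Anywhere
81:442/tcp DENY Anywhere
444:65535/tcp DENY Anywhere
444:65535/udp DENY Anywhere
22 ALLOW 192.168.0.0/16"""

def parse(status):
    """Turn 'To Action From' rows into (lo, hi, proto, action, network) tuples."""
    rules = []
    for line in status.splitlines():
        to, action, src = line.split()
        ports, _, proto = to.partition("/")
        lo, _, hi = ports.partition(":")
        net = None if src == "Anywhere" else ipaddress.ip_network(src)
        rules.append((int(lo), int(hi or lo), proto or "any", action, net))
    return rules

def decide(rules, port, proto, src, default):
    """First matching rule wins; unmatched traffic gets the default policy."""
    addr = ipaddress.ip_address(src)
    for lo, hi, rproto, action, net in rules:
        if lo <= port <= hi and rproto in ("any", proto) and (net is None or addr in net):
            return action
    return default

def denies_are_redundant(rules, default, sources=("192.168.1.10", "203.0.113.5")):
    """True if removing every DENY rule changes no decision under this default."""
    allows = [r for r in rules if r[3] == "ALLOW"]
    # Decisions only change at range edges, so testing the edges covers all ports.
    edges = {p for lo, hi, *_ in rules for p in (lo - 1, lo, hi, hi + 1) if 1 <= p <= 65535}
    return all(decide(rules, p, proto, s, default) == decide(allows, p, proto, s, default)
               for p in edges for proto in ("tcp", "udp") for s in sources)

if __name__ == "__main__":
    rules = parse(STATUS)
    for default in ("DENY", "ALLOW"):
        print(default, denies_are_redundant(rules, default),
              decide(rules, 22, "tcp", "203.0.113.5", default))
```

With a default of deny, the explicit DENY ranges change nothing; with a default of allow, they matter, but port 22 falls between the 1:21 and 23:79 ranges and is then reachable from outside the LAN.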