Solved: Do restrictions and quotas work for UDP? (yes)

Posted: Mon Feb 15, 2016 7:43 pm
by killerbeagle
I've got a "cloud camera" that insists on connecting to various servers in China. I just want to use it in local mode and block external connections. However, I have tried several methods, and none seem to work.

The camera appears to connect to 4 different external IP addresses via UDP to port 51800. I have a static IP address set for the camera. I have tried:
  • a restriction for all network access for "only the following host" for the camera
  • a restriction for UDP to remote port 51800
  • a restriction for UDP to the 4 external IP addresses
  • a quota of 0.001 MB for the camera
Yet I still see 4 active connections to the addresses at that port. Even though the quota status shows 100% used, the connections continue.

This is on a WDR3600 with both 1.6.0 and 1.9.0 versions.

Am I missing something, like a check box saying "apply rules to UDP"? I know that at least quotas work in these builds, because I have seen them working for other devices on the network. Is there a way to look at the rules in effect by issuing some commands from an ssh session? Or do these functions not work on UDP?

Re: Do restrictions and quotas work for UDP?

Posted: Mon Feb 15, 2016 8:20 pm
by Lantis
Can you please post a copy of your settings so we can replicate them?

Obviously we won't have the same camera but we can try and investigate.

Re: Do restrictions and quotas work for UDP?

Posted: Tue Feb 16, 2016 2:22 am
by nworbnhoj
I am wondering if it is a case of the UDP connection being opened before the iptables rule is installed/enforced and the connection continues. What happens if you apply the rules and then power cycle the router and camera?

Re: Do restrictions and quotas work for UDP?

Posted: Tue Feb 16, 2016 11:34 am
by killerbeagle
I'm not seeing the problem any more. I think it was a combination of user confusion and the already-established connections that nworbnhoj mentioned.

The confusing part is that after adding all those rules and rebooting the router, I saw no mention in iptables output of the host IP, ports or remote IPs that were excluded. However, after a second router reboot, they were indeed there. I don't recall if I ever power cycled the router. At that point, I had already unplugged the camera. I plugged the camera back in last night, and have not seen any connections or bytes used in the last 12 hours.

So there does not appear to be an issue, but I may start power cycling and/or double rebooting after changing restrictions in the future.
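
Added example, not part of any post in this thread: one way to check from an ssh session whether UDP flows from the camera to port 51800 are still held in the connection tracker after restrictions have been added. The camera address 192.168.1.50, the remote addresses, and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example. All addresses are assumptions: 192.168.1.50 stands in for the
# camera's static IP; 203.0.113.x / 198.51.100.7 are documentation ranges.

# Constructed sample in /proc/net/nf_conntrack format (not from a real router).
sample_conntrack() {
cat <<'EOF'
ipv4     2 udp      17 172 src=192.168.1.50 dst=203.0.113.10 sport=40112 dport=51800 src=203.0.113.10 dst=198.51.100.7 sport=51800 dport=40112 [ASSURED] mark=0 use=2
ipv4     2 udp      17 21 src=192.168.1.50 dst=203.0.113.11 sport=40113 dport=51800 [UNREPLIED] src=203.0.113.11 dst=198.51.100.7 sport=51800 dport=40113 mark=0 use=2
ipv4     2 udp      17 9 src=192.168.1.50 dst=192.168.1.1 sport=53311 dport=53 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=53311 mark=0 use=2
ipv4     2 udp      17 88 src=192.168.1.20 dst=203.0.113.10 sport=50000 dport=51800 src=203.0.113.10 dst=198.51.100.7 sport=51800 dport=50000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 7431 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=41000 dport=51800 src=203.0.113.10 dst=198.51.100.7 sport=51800 dport=41000 [ASSURED] mark=0 use=2
EOF
}

# Print "remote_ip seconds_left state" for each tracked UDP flow that the
# host $1 originated to destination port $2. Reads conntrack lines on stdin.
camera_udp_flows() {
    awk -v cam="$1" -v port="$2" '
    $3 == "udp" {
        src = ""; dst = ""; dport = ""
        # The original-direction tuple comes first; the reply tuple repeats
        # the same keys, so keep only the first value seen for each key.
        for (i = 6; i <= NF; i++) {
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        if (src != cam || dport != port) next
        state = "-"
        if ($0 ~ /\[ASSURED\]/) state = "ASSURED"
        if ($0 ~ /\[UNREPLIED\]/) state = "UNREPLIED"
        print dst, $5, state
    }'
}

# Offline demonstration on the constructed sample.
sample_conntrack | camera_udp_flows 192.168.1.50 51800

# On the router itself (as root, assuming the kernel exposes the file):
#   camera_udp_flows 192.168.1.50 51800 < /proc/net/nf_conntrack
#   iptables-save | grep -F -e 192.168.1.50 -e 51800   # rules actually loaded
```

A listed flow only means the tracker still holds an entry for it; the packet counters in `iptables -L -n -v` show whether the restriction rules are actually matching traffic.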