Disabling UPnP for specific hosts in DD-WRT / OpenWrt routers

The DCS-932LB1 webcam from D-Link is a very naughty webcam that pretends it has turned off UPnP when it hasn’t. This is a security hole, opening up your webcam to the world, and D-Link don’t seem to care.

The best thing to do is disable UPnP completely in your router, but you might need it for other devices. Fortunately, if you’re running DD-WRT or OpenWrt you can add custom firewall rules. To block UPnP from a specific MAC address you’ll want two rules like this:

iptables -I INPUT -p tcp --dport 5000 -m mac --mac-source b0:c5:54:11:90:20 -j DROP
iptables -I INPUT -p udp --dport 1900 -m mac --mac-source b0:c5:54:11:90:20 -j DROP

In DD-WRT this is added in Administration->Commands->Firewall.
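
To apply the same pair of rules to several devices, the sh functions below validate each MAC address and print the two rules for it. This is an added example, not part of the original post; the function names and the second MAC address are made up for illustration.

```shell
#!/bin/sh
# Added example: emit the article's two DROP rules for each MAC address.
# Ports are the ones used in the rules above: TCP 5000 and UDP 1900.

# Return 0 only if $1 is six colon-separated hex octets and nothing else.
is_mac() {
    # Reject any character outside hex digits and ':' (this also rejects
    # spaces, newlines and shell metacharacters).
    case $1 in
        *[!0-9A-Fa-f:]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print both rules for every MAC passed as an argument.
# All arguments are validated first; if any is invalid nothing is printed
# and the function returns 1, so a typo never yields a partial rule set.
upnp_block_rules() {
    for mac in "$@"; do
        if ! is_mac "$mac"; then
            echo "invalid MAC address: $mac" >&2
            return 1
        fi
    done
    for mac in "$@"; do
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')   # normalise case
        echo "iptables -I INPUT -p tcp --dport 5000 -m mac --mac-source $mac -j DROP"
        echo "iptables -I INPUT -p udp --dport 1900 -m mac --mac-source $mac -j DROP"
    done
}

# Demo: the webcam from the article plus a constructed second address.
upnp_block_rules b0:c5:54:11:90:20 00:11:22:33:44:55
```

The printed lines can be pasted into the firewall commands box described above.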

 
