First I have to tell that I am a newbie, and have quite little linux-knowlgedge, as this is more a hobby than an occupational hobby. So apologies for asking a simple question.

I am building a home-surveillance system with 2 cameras using two Raspberry pis. I have port-forwarded my router to port 1194. On the first Raspberry (RPI1) I have installed Raspbian Stretch, and an Openvpn-server so that I can connect from the outside. I have also installed “Motion” on the same RPI. On the other RPI (RPI2) I have installed “Motioneye OS”. This system works great, both regarding connecting from the outside via Openvpn and VNC and from “the inside” with ssh, as it is, but I am wondering whether I need to protect my Raspberrys a bit more by making a configuration of Iptables on RPI1.

So I have tried the following configuration:

iptables -A INPUT -p udp --dport 1194 -j ACCEPT (openvpn)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT (ssh)
iptables -A INPUT -p tcp --dport 5900 -j ACCEPT (vnc)
iptables -A INPUT -j REJECT (Block everything else)


This doesn´t work, Iptables blocks me from using both openvpn, vnc, and ssh. Can anyone please help me with the configuration, or is it unnesscesary to use iptables as long as my RPIs are protected behind my router?

Most thankfull for any help!

Hi,

I recommend you use one of the packages that provides a user friendly front end to iptables. A couple of suggestions are arno-iptables-firewall or ufw, or the gui front end to ufw, gufw.

Evo2.

1 members found this post helpful.

I will try what you suggest!