I'm running red5-server-1.0.3 on a centos 6 64bit vps and wish to do live-camera webcasting with it.
In order for me to upload the video stream, and for site visitors to see the image I have to open port 1935 in iptables and I've learnt that if I have red5 running on my server anyone - not just me - can connect to it and upload/stream their own video, which is a real security risk. I have to have the port (1935) open in iptables otherwise no-one can view the video stream. Is there a way to configure iptables so that only I can feed it the input video, but anyone can view it? The line I have in iptables right now is:
I've also been looking into the red5 app itself but so far can see no way of closing this gaping hole.

This sounds more of a red5 issue and not a firewall issues. red5 is allowing users to add streams and you need to block this at the server.

I would suggest that you move away from port based firewall to connection based firewall. You have better control over how people connect to your system.

For example your firewall is allowing any traffic to port 1935 which allows anyone to inject anything they want as long as it is going to port 1935.

With a connection based firewall you can say for example if there is a new connection and it doesn't have the SYN flag set, drop it. This would only allows new connection that are SYN requests instead of blindly allowing anything go to port 1935.

yes I thought this might be a red5 issue too but securing red5 is a nightmare, I've been at it for three days and still can't work out how to restrict the red5 input source, that's why I was hoping for a firewall based solution.
Where does one start in getting a connection based firewall?

Have you googled this?

yes but google doesn't find much on 'connection based firewall'. Would such a firewall go by a different name?

Try configure red5 streaming