Dear Experts,

Is it possible to control which LAN clients can administer the firewall by UPnP?

I have recently learned that client-to-client filtering will not come into play for clients on the same LAN, as those client packets don't pass through the firewall. However, I presume it is possible to filter client-2-firewall on the LAN side. Presumably packets would traverse the firewall TCP/IP stack, thereby triggering iptables into action. That is, clientA (IP address) is allowed to communicate directly with the firewall for UPnP but clientB and clientC are not.

If UPnP is enabled, then iptables will provide some protection as to which clients can talk to its UPnP ports. Also, if client-2-firewall on the LAN side is possible, one could further lock down the firewall to only allow clientA to communicate to ports http, https and ssh that may also be open on the firewall. A defence in depth strategy.

The firewall I am using is a WRT54G running dd-wrt. But I guess the question is open to all kinds of iptables-ready machines, be they standalone PCs converted to a firewall.

All feedback welcomed.
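
The client-to-firewall filtering asked about above, as an added example that is not part of the original post: packets addressed to the router itself are evaluated by the INPUT chain, so a per-source allow-list can be placed there. The LAN interface name `br0`, the address `192.168.1.10` for clientA, and the UPnP TCP port `5000` are assumptions; only UDP 1900 (SSDP) and 22/80/443 are standard port numbers.

```shell
#!/bin/sh
# Added example: generate INPUT-chain rules that limit router-local
# services (UPnP, ssh, http, https) to one LAN host. Values are assumptions.
LAN_IF="${LAN_IF:-br0}"                 # assumed LAN bridge name
ADMIN_IP="${ADMIN_IP:-192.168.1.10}"    # constructed address for clientA
UPNP_TCP_PORT="${UPNP_TCP_PORT:-5000}"  # assumed; check the daemon's listening port

# Print one iptables command per line. Nothing is applied to the system,
# so the rule set can be reviewed before it is run.
lan_mgmt_rules() {
    chain="LAN_MGMT"
    echo "iptables -N $chain"
    # clientA returns to the normal INPUT rules and is handled as before.
    echo "iptables -A $chain -s $ADMIN_IP -j RETURN"
    # Any other LAN source is dropped, but only for the ports sent here.
    echo "iptables -A $chain -j DROP"
    # SSDP discovery (unicast or multicast) delivered to the router.
    echo "iptables -I INPUT -i $LAN_IF -p udp --dport 1900 -j $chain"
    # UPnP control port plus ssh, http and https on the router itself.
    for p in $UPNP_TCP_PORT 22 80 443; do
        echo "iptables -I INPUT -i $LAN_IF -p tcp --dport $p -j $chain"
    done
}
```

Other router services such as DHCP and DNS are untouched because only the listed ports are sent into the chain. A source address on a shared LAN is not authenticated, so this narrows exposure rather than proving which client is talking.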