Assuming that you know how to:
-configure EMBY server
-setup iptables
-using a linux machine
I found a bit annoying from a security point of view to have my videos and pictures exposed as a public ip to the world.
the case:
I have a static ip on one location on a linux machine
and I'd love to access the Emby server only from my machine, and the network from where my phone is connected + my home network (this should also help in case of copyrighted material)
I first setup a dyndns for my router (which actually was already working)
then I focused on the iptables with the following script that I added to a cron job running every minute
#!/bin/bash
iptables -D INPUT -p tcp -m tcp --dport 8096 -j EMBY
iptables -D INPUT -p tcp -m tcp --dport 8290 -j EMBY
iptables -D INPUT -p tcp -m tcp --dport 8096 -j DROP
iptables -D INPUT -p tcp -m tcp --dport 8290 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 8096 -j EMBY
iptables -A INPUT -p tcp -m tcp --dport 8290 -j EMBY
iptables -A INPUT -p tcp -m tcp --dport 8096 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 8290 -j DROP
iptables -A EMBY -j DYNAMIC # tell iptables to redirect the EMBY traffic on the DYNAMIC table
iptables -F DYNAMIC # Flush the DYNAMIC chain
iptables -A DYNAMIC -s <home hostname> -j ACCEPT # Accept packets from home
iptables -A DYNAMIC -s <network of emby> -j ACCEPT # Accept packets from my machine in the emby location
iptables -A DYNAMIC -s <wireless dhcp network> -j ACCEPT # Accept packets from my machine in the emby location wifi - needed for the mobile
that's basically all that is needed
Alex
No comments:
Post a Comment