I was searching the forums today for something that could “disable” IP cameras, specifically as a way to prevent photos or video feeds from interior cameras (like the one in my living room, say) being processed by the Vera or uploading to MCV servers when my family is home. While I found several people suggesting putting the cameras on controllable switches, this seems to me to have at least two big drawbacks: A) most of my PT cameras auto-center when powered up, ignoring whatever the previous state was and B) it’s not particularly affordable, especially if you have more than one or two cameras.
So, having spent a bit of time hacking on the PingSensor plugin, I figured I could whip something up that would fit the bill, and having succeeded at creating a pretty minimal scene to accomplish what I want (along with some moderate CLI work on my Vera3), I figured I would share with the community. Mind you this is pretty basic (I can already see room for improvement), so if you’re closer to the paranoid side of the information security spectrum, this won’t really fit the bill. As you will see, this all makes use of Vera’s already running firewall.
Steps:
1. Set up and include a new chain (I called mine interior_cams; if you’d prefer something else, just be sure to replace it as appropriate in your iptables commands). I did this from the command line by ssh’ing into my Vera3, though apparently this can also be done via the DD-WRT interface. Once logged in to the vera, we want to edit the /etc/firewall.user file, and include the following
iptables -N interior_cams
iptables -I OUTPUT -j interior_cams
The first line creates a new chain; the second places a “pointer” to the new chain at the beginning of the OUTPUT chain, so that all traffic leaving the Vera is passed through the new chain. Doing it this way provides a separate chain that we can manipulate without potentially mucking up the built-in default set of firewall rules, nor will (reasonable) changes to the default firewall rules interfere with our setup.
2. Activate the new chain. You can either reboot your Vera, which will cause the firewall to be reloaded, or if you’re at the command line already, you can just execute the two iptables commands above directly from there. You can verify that these are in place by running “iptables -L” from the command-line (you’ll probably have to scroll back a bit). If it worked you should see two things, though quite a few lines apart. First, near the top of the command line output, you should see:
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
interior_cams all -- anywhere anywhere
There will be more lines right below this, but that’s how it should start.
Then, farther down, you should see a section that looks like:
Chain interior_cams (1 references)
target prot opt source destination
If you don’t see these two things, you may want to doublecheck that you got the text in /etc/firewall.user correct and/or reboot your Vera to ensure the firewall is really getting restarted.
3. Create a new scene in Vera (I named mine “Block Interior Cameras”). Don’t bother with any devices, triggers, or schedules, and instead click on the Luup tab. In the Code textblock include the following:
os.execute("iptables -F interior_cams")
os.execute("iptables -I interior_cams -d {your camera's IP address} -j REJECT")
os.execute("iptables -I interior_cams -d {your other camera's IP address} -j REJECT")
Add as many of the “-j REJECT” lines as you have cameras. Note that this assumes you have static (or statically-assigned DHCP) address configured for your IP cameras. Confirm your changes and click Save at the top right.
4. Test the new scene. I would do this by trying to view one of the cameras before running the scene, verify that you see an image, then run the scene by hand and reload the camera view, which should now return a 100x100 pixel image that says “Camera not responding.” I did this in Chromium by right clicking on the cam image displated on the device page, which pulls it up in a separate tab so that I can just hit reload as I’m testing.
5. Assuming this worked, now you need a way to see the camera again, which requires creating a new scene, which I called “Allow Interior Cameras”. Much like the previous scene we create in step 3, go right to the Luup tab, but this time, the only code we need to enter into the text box is:
os.execute("iptables -F interior_cams")
As before, confirm the changes and click Save.
6. Test the second scene. Just like before, but now run the “Allow Interior Cameras” scene. The “Camera not responding” image should go away and be replaced with the view from your camera.
Now, whenever you’re at home and don’t want Vera watching you, run the “Disable Interior Cameras” scene. Then when you leave (or whenever you want the cameras monitored again), you can run the "Allow Interior Cameras. Appropriate triggers are left as an exercise for the reader.