If you have an outdoor Ethernet port—in my case with a WiFi AP connected—how can you go about protecting your network from somebody jacking in?

Is there a way to bind that port to only an approved device? I figured a firewall rule to only allow traffic to and from the WiFi AP IP address, but would that also prevent traffic from reaching any wireless clients connected to the AP?

Edit: For more context, my router is a Ubiquiti UDM and the AP is also Unifi AP

  • seang96@spgrn.com
    link
    fedilink
    English
    arrow-up
    8
    ·
    4 months ago

    You could probably do an automation with home assistant to disable the report if the device gets unplugged, notify you about it, then require to you approve / re-enable the port.

    This of course would require the service to be running, but combined with MAC filtering and placing it on an untrusted VLAN that’s probably the best you could do.