IPTABLES (Firewall) and LAN restriction

Hi Everyone,

As a summary, I want to run the My Cloud Mirror on the LAN only and with access to the My Cloud app via iOS devices in the same network.

Therefore, I’ve updated to the latest My Cloud firmware (My Cloud Firmware 2.31.163) and looked at the below to build an autostart script:

I’m really pleased to see IPTABLES already installed in the firmware, so I plan to add the following script to load upon startup (replacing the IPTABLES config, which resets to a default upon boot). Then activate My Cloud, link some iOS devices and test.

#!/bin/sh
#IPTables Build Script
#Flush all rules in the filter table (-F keeps user-defined chains such as SSHBFATK; only -X would delete them)
iptables -F
#Set default policies to drop all comms unless specifically allowed
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
#Chain SSHBFATK (must already exist in the stock ruleset, otherwise this line fails; after the flush nothing jumps to it)
iptables -A SSHBFATK -j DROP
#Allow ALL Incoming/outgoing SSH on local network
iptables -A INPUT -i eth0 -p tcp -s 10.0.1.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -d 10.0.1.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
#Allow loopback device (internal communication e.g. database)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#Allow all local traffic on 10.0.1.0/24 (this also covers the SSH rules above)
iptables -A INPUT -s 10.0.1.0/24 -j ACCEPT
iptables -A OUTPUT -d 10.0.1.0/24 -j ACCEPT

I’ll then check the logs on my router for traffic from the My Cloud. Can anyone think of anything that I’ve missed? Is IPTABLES secure enough, and does anyone know the purpose of the filter chain SSHBFATK?

Before I start, is it fine to use the My Cloud this way in relation to the terms of service?

Thanks,

Moose
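As an added example (not part of Moose's post or WD's firmware), here is the same LAN-only policy written as an iptables-restore ruleset, applied atomically after a parse test, with a rate-limited LOG rule so dropped packets show up in the kernel log. The LAN subnet 10.0.1.0/24 is taken from the post; the chain name LAN_DROP_LOG and the log prefix are made up for this example.

```shell
#!/bin/sh
# Added example: generate a LAN-only ruleset in iptables-restore format.
# LAN_CIDR defaults to the subnet used in the post (assumption: /24 LAN).
LAN_CIDR="${LAN_CIDR:-10.0.1.0/24}"

# Print the full ruleset for the given LAN subnet. Policies default to DROP;
# loopback, reply traffic and the LAN are allowed; everything else is logged
# (rate-limited) and dropped. Any outbound service the device itself needs
# outside the LAN (e.g. NTP) would need its own explicit OUTPUT rule.
build_rules() {
    lan="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LAN_DROP_LOG - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $lan -j ACCEPT
-A INPUT -j LAN_DROP_LOG
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d $lan -j ACCEPT
-A OUTPUT -j LAN_DROP_LOG
-A LAN_DROP_LOG -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "LANONLY-DROP: "
-A LAN_DROP_LOG -j DROP
COMMIT
EOF
}

# iptables-restore replaces the whole table in one step, so there is no window
# with a half-built ruleset; --test only parses and does not commit anything.
apply_rules() {
    tmp=$(mktemp) || return 1
    build_rules "$LAN_CIDR" > "$tmp"
    if iptables-restore --test < "$tmp"; then
        iptables-restore < "$tmp"
    else
        echo "ruleset failed to parse; current rules left in place" >&2
        rm -f "$tmp"
        return 1
    fi
    rm -f "$tmp"
}

case "${1:-}" in
    apply) apply_rules ;;                 # run as root at boot: script apply
    *) build_rules "$LAN_CIDR" ;;         # default: print the ruleset for review
esac
```

Dropped packets then appear in `dmesg` with the LANONLY-DROP prefix, which answers the "check the logs" step without needing the router.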