RTMP Security?

[silentcossack]

Trying out Frigate (currently on zoneminder). Seems to be specifically built for detecting objects, while all other functionality is secondary. I realize this is a new project, so things will come in time. But given the fact that I cannot find a coral usb in stock anywhere, I have detection turned off for now, just doing 24/7 recording.

What baffles me is the lack of security for this security system. I read all the posts how you can go out and get proxy's to secure the ports, etc. Kind of like building a bank vault for you and then telling you to get your own door. Anyway, what about RTMP port? I have frigate running on a pi4, while my homeassistant is on another server on LAN. How do i secure RTMP feed? I have ethernet wires outside my house for cameras, so anybody can just plug in and enjoy all my cams.

Thanks.

[NickM-27]

I believe the actual security recommendation would be to have VLANs setup in your network. The Ethernet cables for your camera should only have one way communication to the server running your NVR and no other devices. Should likely also have Mac address filtering to avoid other devices communicating at all through these means.

Anyway, as far as RTMP direct solutions Frigate doesn't offer a direct way to set user / pass on RTMP restream but depending on how your setup is whatever is reading these streams (like home assistant) could work on localhost and you could not port map 1935 outside the docker network.

It's also worth mentioning that RTMP will be deprecated in favor of RTSP restreaming in the next release, which will internally utilize go2rtc

[silentcossack]

Thanks for the reply. I ended up adding firewall to pi to only allow access to API and RTMP from the home assistant server. I will also be taking your suggestion and setting up mac filtering or such on the managed switch for the camera ports. Problem is some of my cameras are going through an unmanaged switch first, so will need to do rewiring.

Cheers!