Do you block Blue Iris from internet access?

camviewer43

Getting the hang of it
Joined
Mar 14, 2020
Messages
176
Reaction score
50
Location
US
Wondering if you folks block Blue Iris from having internet access the same way you block your cameras. I only have my outdoor cameras on Blue Iris right now, but I don't access Blue Iris from the internet (no ports forwarded to BI and no https proxy, only VPN). But I haven't blocked Blue Iris from internet entirely. I'd like to also put my indoor camera (baby room) on Blue Iris for doing some recordings. Obviously a much more sensitive camera and thought I should do more to ensure BI isn't accessible from the internet at all. Wondering what other people do? Do you trust Blue Iris to not be sending camera footage to their cloud? And does BI work if it's entirely blocked from internet? Do you only need to have a time server setup and that's it?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Help file p.217
Although continuous Internet access is not required, the software either must be connected
to the Internet occasionally to check for updates and licensing, or the license must be re-
entered at least once each year using offline methods as the support and maintenance date
expires
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
I wouldn't worry about BI sending video out to the internet like that. I'd consider it enough security to simply not open a port for it through your router's firewall. And also make sure UPnP and NAT-PMP are disabled in your router since those are two systems that devices can use to open ports to themselves without your knowledge.

If you do want to prevent BI from accessing the internet altogether but still have the machine on the network so you can access via VPN, it should be sufficient to assign a static IPv4 address with no gateway, and disable the IPv6 protocol on the network interface.
 

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,377
Reaction score
2,738
Location
USA
My BI machine is 100% dedicated to running BI and nothing else. It's located in my "wiring closet" which is under a set of stairs. I actually have three machines in there (firewall, home automation/PBX phone machine, and BI) hooked up to a KVM switch in case I need to access the machine locally. Normally I access it via RDP however.

Personally I do allow my BI machine access to the internet. Not only does it make updates much easier, but I like to be able to use the local browser to search for things on the internet if I am having an issue, etc. Sure I could turn a firewall rule on and off when needed, but I really don't see the point. Cameras on the other hand are definitely blocked 100% of the time.
 

D0T-C0M

Getting the hang of it
Joined
Feb 21, 2021
Messages
103
Reaction score
28
Location
NB, Canada
I block all my cameras from accessing the internet but let BI access the net for outgoing only and incoming connections are blocked. I run an asus AX88u router with merlin firmware and I have the openVPN server enabled. This allows me to connect to my local lan and access my BI server securely and privately through a VPN and also I can login to individual cameras if I want just like I was at home. I did it that way because in the logs I was seeing login attempts when I opened up a port for the BI webserver.
 

rocky500

Getting the hang of it
Joined
Jun 24, 2019
Messages
50
Reaction score
33
Location
Australia
I like to use the phone app when I'm out and about, so have my BlueIris connected to the internet.
I have a house alarm that notifies me on my phone if something trips it and then can log into Blueiris and check cameras. If it happens to be my cat that triggered it, I can reset the alarm on the phone and carry on. :)
 
Top