I'm making progress!
Instead of:
I tried setting up a port forward for the phone's MAC address, but I am doing something incorrectly:
on Luci: Network > Firewall > Traffic Rules > Open ports on router with the settings:
Any TCP, UDP
From any host in any zone with source port 8765 and MAC xx:xx:xx:xx:xx:4A (MAC address I'm testing from)
To any host, port 8080 in any zone
I tried on Luci: Network > Firewall > Port Forwards
IPv4-TCP
From any host in lan with source MAC xx:xx:xx:xx:xx:4A (MAC address I'm testing from)
Via IP 10.0.1.8 at port 8765 (the Yun is at 10.0.1.8 )
any host, port 8080 in lan
This enabled the browser with the listed MAC to connect to the port 8080 stream via
http://10.0.1.8:8765/stream.html
At this point, other browsers could still connect at
http://10.0.1.8:8080, but when I added another rule (not sure if this is the best way to do this):
IPv4-TCP
From any host in lan
Via any router IP at port 8080
any host, port 8888 in lan (8888 is just a random port I'm not using)
...then attempts to connect on 8080 fail as intended.
I'll see if I can now 1) set my home router (a Time Capsule, which can't handle this MAC filtering) to port forward 8080 to the Yun on 10.0.1.8, 2) put the MAC addresses of the devices I want to authorize into similar rules in the Yun firewall, and 3) modify the rules to work with connections coming from outside my home network.
Edit: Close, but no cigar...
The cable internet gateway puts its own MAC address on the traffic, so I won't be able to use the phone's MAC address this way. Back to the drawing board (on to the next drawing board)...
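Added example, not part of the original post: the two LuCI port forwards described above as they would appear in /etc/config/firewall on the Yun, followed by an allow-then-reject pair of traffic rules that achieves the same restriction without the dummy port. The rule names are made up for illustration, the MAC is the post's masked placeholder, and the alternative pair is an assumption about what the poster wants (it serves the stream directly on 8080 rather than on 8765).

```uci
# --- The two port forwards from the post, field for field ---
config redirect
	option name 'stream-for-phone'        # hypothetical name
	option target 'DNAT'
	option src 'lan'
	option proto 'tcp'
	option src_mac 'xx:xx:xx:xx:xx:4A'     # masked placeholder from the post
	option src_dip '10.0.1.8'              # "Via IP 10.0.1.8"
	option src_dport '8765'                # "at port 8765"
	option dest 'lan'
	option dest_port '8080'

config redirect
	option name 'divert-8080-to-unused'    # hypothetical name
	option target 'DNAT'
	option src 'lan'
	option proto 'tcp'
	option src_dport '8080'
	option dest 'lan'
	option dest_port '8888'                # nothing listens here

# --- Alternative: use INSTEAD of the two redirects, not with them ---
# Rules are evaluated in file order, so the ACCEPT must come first.
config rule
	option name 'allow-phone-stream'       # hypothetical name
	option src 'lan'
	option proto 'tcp'
	option src_mac 'xx:xx:xx:xx:xx:4A'
	option dest_port '8080'
	option target 'ACCEPT'

config rule
	option name 'reject-other-stream'      # hypothetical name
	option src 'lan'
	option proto 'tcp'
	option dest_port '8080'
	option target 'REJECT'

# src_mac matches the source address of the Ethernet frame as it
# arrives at the Yun, so either variant only identifies devices on
# the same layer-2 segment. Traffic that crosses a router or gateway
# arrives carrying that device's MAC, as the post's edit found.
```

After editing the file, `/etc/init.d/firewall restart` applies the rules, and `uci show firewall` lists what is currently configured.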