Block port 80 traffic from lan to wan

apant

I have a lan 192.168.2.0/255.255.254.0 and I want to block the traffic of port 80 from subnet 192.168.2.0/24 to WAN. But I wonder why this is not working ???

I created a rule (LAN Interface) that blocks trffic with source 192.168.2.0/24 to destination port 80. But it is not working… If I put protocol ICMP instead of TCP/UDP 80 it works and blocks ping requests !

Metu69salemi

You are having subnet problems
your subnet is 255.255.254.0 aka /23
and rule is 255.255.255.0 aka /24

if you want to deny access of that block use ip-aliases for that many clients

apant

But it works for ICMP… If subneting was the problem the rule shouldn't work for ICMP too...

Metu69salemi

Maybe icmp is blocked by non operational rules.

Try atleast to create aliases with proper mask and try then again

Cry Havok

Are you running Squid?

Can you post a screenshot of your rules please - that's the easiest way of us seeing what the problem may be.

apant

No I am not running squid.

This is the rule I am trying to do and I remind you that my LAN address is 192.168.2.0/23

rule.jpg_thumb

Cry Havok

That is for the OpenVPN interface, is that what you wanted?

apant

No. I forgot to change it when I created the screenshot. The Lan Interface I want.

Cry Havok

Please post a screenshot of the actual rule, not a mockup.