Netgate Discussion Forum

Block port 80 to specific IP

    crispycritter
    last edited by Jun 29, 2015, 1:57 PM

    What is the best way to write a rule to block port 80 & 443 to a specific IP address?

      muswellhillbilly
      last edited by Jun 29, 2015, 2:27 PM

      One way: Create a port alias containing ports 80 and 443 and call it 'WebPorts' for instance. Then write your rule thus:

      Proto(IPv4) | Source (LAN) | Port (*) | Destination (Specific-IP) | Port (WebPorts) | Gateway (GW-WAN) | Queue (None).

        crispycritter
        last edited by Jun 29, 2015, 4:15 PM

        Wrote the rule as specified but the server at the specified IP still has access to the Internet.

          doktornotor Banned
          last edited by Jun 29, 2015, 4:17 PM

          Post the screenshots of your WAN rules. (Note: You need to reset states - Diagnostics => States => Reset states after restricting access.)

            muswellhillbilly
            last edited by Jun 30, 2015, 7:31 AM

            @crispycritter:

            Wrote the rule as specified but the server at the specified IP still has access to the Internet.

            Maybe I misread your post, but I thought you were trying to stop your LAN users from accessing a remote host on ports 80 and 443. Not prevent the host from accessing the internet.

            Perhaps you should post a diagram of what you're trying to do. Please clearly indicate your firewall, the internal hosts and any external targets involved. And show the traffic direction - the source and target(s).

              phil.davis
              last edited by Jun 30, 2015, 11:51 AM

              @crispycritter:

              What is the best way to write a rule to block port 80 & 443 to a specific IP address?

              It sounds like you really mean:

              What is the best way to write a rule to block access to destination port 80 & 443 from a specific IP address?

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                crispycritter
                last edited by Jun 30, 2015, 1:38 PM

                Sorry - I'll provide the complete detail for this project. I have multiple servers on the network. One of these servers is an RDP server hosting multiple user logins. Just for this one server only I need to block access to the Internet. I need the result to be that anyone using this server, logging in as a remote session, will not have access to the Internet. I would like to do this at the router level, blocking ports 80 and 443 to this server's specific IP address only. Per previous instructions I built the Aliases for 80 & 443 and built the rule but it did not block the Internet for this server.

                  KOM
                  last edited by Jun 30, 2015, 1:44 PM

                  OK, to block access from LAN to Internet, you need a rule on LAN that blocks the specific source IP address to the ports defined by your alias.  It's pretty easy.

                    muswellhillbilly
                    last edited by Jun 30, 2015, 1:49 PM

                    Just a bit of modification on the previous LAN block rule should do it:

                    Proto(IPv4) | Source (Specific-IP) | Port (*) | Destination (*) | Port (WebPorts) | Gateway (GW-WAN) | Queue (None).

                      crispycritter
                      last edited by Jun 30, 2015, 2:54 PM

                      Thanks for your help! The last rule given works perfectly for this need.
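
The two rules from this thread, modelled as an added example that is not part of any post and is not pfSense code: a simplified first-match evaluator for the LAN interface showing why the first rule never matched the server's outbound traffic, and why existing states keep passing until they are reset. The addresses, the stock "allow LAN to any" rule and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WEB_PORTS = {80, 443}                  # the 'WebPorts' alias from the thread
LAN = ip_network("192.168.1.0/24")     # constructed LAN subnet
ANY = ip_network("0.0.0.0/0")
SERVER = "192.168.1.50"                # constructed address of the RDP server
REMOTE = "203.0.113.10"                # constructed Internet host

def host(ip):
    return ip_network(ip + "/32")

@dataclass
class Rule:
    action: str                        # "block" or "pass"
    src: object
    dst: object
    ports: object = None               # None means any destination port

    def matches(self, src, dst, dport):
        return (ip_address(src) in self.src and ip_address(dst) in self.dst
                and (self.ports is None or dport in self.ports))

ALLOW_LAN = Rule("pass", LAN, ANY)     # assumed default "allow LAN to any" rule
FIRST_TRY = [Rule("block", LAN, host(SERVER), WEB_PORTS), ALLOW_LAN]
FINAL = [Rule("block", host(SERVER), ANY, WEB_PORTS), ALLOW_LAN]

class LanInterface:
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def packet(self, src, dst, dport):
        flow = (src, dst, dport)
        if flow in self.states:        # established state: rules are not re-evaluated
            return "pass"
        for rule in self.rules:        # first matching rule wins
            if rule.matches(src, dst, dport):
                if rule.action == "pass":
                    self.states.add(flow)
                return rule.action
        return "block"                 # nothing matched: default deny

    def reset_states(self):            # Diagnostics => States => Reset states
        self.states.clear()

def demo():
    fw = LanInterface(FIRST_TRY)
    before = fw.packet(SERVER, REMOTE, 443)   # server is the source, rule filters on destination
    fw.rules = FINAL
    stale = fw.packet(SERVER, REMOTE, 443)    # old state still passes the flow
    fw.reset_states()
    after = fw.packet(SERVER, REMOTE, 443)
    return before, stale, after, fw.packet("192.168.1.20", REMOTE, 443)
```
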
