Block an IP
-
Hi. I feel dumb for asking such a basic question, but I can't figure this out. I Googled, but I keep finding how to block an IP on your LAN from getting out. That's not what I want. I want to block any PC on my LAN from being able to reach a certain IP out on the net. I tried adding a LAN rule set to block, protocol any, destination single address with the IP in, left port fields blank. That didn't work so I changed it from LAN to WAN.. still didn't work. I'm sure it's something simple I am just not grasping, but can someone point me in the right direction? Thanks!
-
Firewall rule on LAN:
Reject IPv4 protocol any source LAN net Dest IP to block
Put it above any pass rules.
-
The "put it above any pass rules" is the key part
-
What mer said. By way of explanation, firewall rules are applied 'top down', so any specific block rules need to be put above the allow rules, otherwise the allow rule is applied before the block and the block is bypassed.
-
Thanks a lot!