Allow only Viber connection, and block all other connection
-
Enable logging on the block rule then run a test and check the firewall logs to see what is blocked.
I would imagine Viber use a very larger number of IPs and that they may change often which makes that difficult.
Steve
-
@stephenw10 Hi!
Thanks for the tip of logging the block rule, but can i know how to check the log of the block rule? Or how to enable logging?
TIA!
ast
-
Enabling logging is an option in the firewall rule. Edit the rule and scroll down to 'Extra Options. Check
Log packets that are handled by this rule
.Traffic that is logged appears int he firewall log: Status > System Logs > Firewall tab.
Steve
-
@stephenw10 Hi Steve!
Thanks a lot for the info! Will try this out when I get back to the office.
ast
-
I was able to remote access our Pfsense box, I was able to enable the logging before :) is there a way to view the firewall log in a way that only the concerned rule will only show?
-
Not directly from the GUI. However you could get more detailed by testing from one particular client and then filtering by that source IP.
Steve
-
@stephenw10 Hi!
Yes I was able to filter by only the concerned source IP, was hoping that I can sort for only the concerned blocked rule to narrow down.
ast
-
What other rules to you have blocking traffic from that client? If I understood correctly only traffic you are passing with your rule to allow Viber should pass. Everything else from that client will be hitting the block rule so all blocked traffic from that IP in the firewall log should be hitting that rule.
Steve
-
Yes, only Viber connection are being passed, all other connections are blocked.
As of now, Viber messages are passing thru with no problems.
Only problem: Viber photo/video sharing, and Viber voice at video calls are not passing thru.
I can see Viber connections to amazonaws.com and cloudfront.net which i already added to the allowed connections. Just don't know if this is the needed open connection, and don't know if I'm doing it right. :(
-
Well, as I said earlier, it's going to be difficult to achieve this using only firewall rules.
Viber likely has a large CDN to host that sort of content with a very large number of IPs. If they use port 443 (which they claim to need) it will be hard to prevent clients using that for general web browsing etc.
Steve
-
As of now, I think was able to achieve this firewall rule/s....what I did was allow the target devices to connect to Amazonaws.com IP Range, firewall alias URL's....so allowing connections to Viber.com, allowing connections to Amazonaws, then blocking everything else. The tricky part is Amazonaws got a couple of ASN.
Thanks a lot for your help Stephen!