Invert Rule question
-
I thought I had it all figured out. I want traffic destined to 192.168.10.2 to ONLY be able to communicate over port 443 (and nothing else). So I made a block rule;
I figured I'm reading this as "block all traffic to this address unless it's over port 443"
Obviously I'm doing something wrong, as traffic over other ports to this address is being passed.
-
I read that rule as "Block all traffic to port 443 everywhere except 192.168.10.2"
Also remember to reset your states after making a rule change that blocks traffic. Existing states are not affected by a rule change.
-
Where did you put that rule, and what rules are above it? What rules are below it?
Rules are evaluated top down, first rule to trigger wins, no other rules evaluated. As traffic enters the interface from that network.
That rule says if the destination is anything other than 192.168.10.2 to port 443, block. But it doesn't allow traffic to anything; if traffic doesn't match that rule it just moves to the next rule.
So say your dest was 192.168.10.100 port 80, it would look to rules below.
Also, ! rules can be tricky if you have any VIPs set up. You should probably be explicit in your rule design.
If you want to allow only traffic to 192.168.10.2 on port 443 then allow that, and below it put a block all rule.
Really need to see your full set of rules to know what is happening.
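To make the two readings of that rule concrete, here is a small first-match rule evaluator, added as an example and not code from the forum or from pfSense. It models the top-down, first-rule-wins behaviour described above with a constructed rule table: the original "block, destination !192.168.10.2, port 443" rule followed by an assumed default "allow LAN net to any" rule, beside the explicit design suggested in the last reply (allow 192.168.10.2:443, then block everything). Rule names, the trailing allow rule and the test packets are constructed for illustration; the evaluator ignores source, protocol and state tracking, which pfSense does consider.

```python
from ipaddress import ip_address, ip_network

# Constructed rule table format: first matching rule wins, no further rules are evaluated.
# dst=None means "any"; invert_dst=True is the "!" (invert match) checkbox; dport=None means "any".
def rule(name, action, dst=None, invert_dst=False, dport=None):
    return {"name": name, "action": action, "dst": dst, "invert_dst": invert_dst, "dport": dport}

def matches(r, dst_ip, dst_port):
    """Return True if a packet to dst_ip:dst_port matches rule r."""
    dst_ok = r["dst"] is None or ip_address(dst_ip) in ip_network(r["dst"])
    if r["invert_dst"]:
        dst_ok = not dst_ok          # invert applies to the destination field only, not the port
    port_ok = r["dport"] is None or r["dport"] == dst_port
    return dst_ok and port_ok

def evaluate(rules, dst_ip, dst_port, default="block"):
    """Walk the rules top down; return (action, rule name) of the first match, else the implicit default."""
    for r in rules:
        if matches(r, dst_ip, dst_port):
            return r["action"], r["name"]
    return default, "implicit default deny"

# The poster's rule as written, followed by an assumed permissive LAN rule (constructed).
ORIGINAL_RULESET = [
    rule("block !192.168.10.2 port 443", "block", dst="192.168.10.2/32", invert_dst=True, dport=443),
    rule("allow LAN net to any", "pass"),
]

# The explicit design recommended in the thread: allow the one thing you want, then block the rest.
CORRECTED_RULESET = [
    rule("allow to 192.168.10.2 port 443", "pass", dst="192.168.10.2/32", dport=443),
    rule("block all", "block"),
]

if __name__ == "__main__":
    # Constructed test packets: the host on other ports, and other hosts on 443.
    for dst_ip, dst_port in [("192.168.10.2", 80), ("192.168.10.2", 443), ("192.168.10.100", 443), ("192.168.10.100", 80)]:
        print(f"{dst_ip}:{dst_port:<4} original -> {evaluate(ORIGINAL_RULESET, dst_ip, dst_port)}")
        print(f"{dst_ip}:{dst_port:<4} corrected -> {evaluate(CORRECTED_RULESET, dst_ip, dst_port)}")
```

Running it shows the original rule blocking traffic to *other* hosts on 443 while passing 192.168.10.2:80 through to the allow rule below, whereas the corrected table passes only 192.168.10.2:443 and blocks everything else. Existing states would still need to be reset for the new block rule to take effect on established connections.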