Allow only Viber connection, and block all other connection

ast · Jun 30, 2018, 3:27 AM

Thanks for the tip of logging the block rule, but can i know how to check the log of the block rule? Or how to enable logging?

TIA!

ast

stephenw10 · Jun 30, 2018, 2:33 PM

Enabling logging is an option in the firewall rule. Edit the rule and scroll down to 'Extra Options. Check Log packets that are handled by this rule.

Traffic that is logged appears int he firewall log: Status > System Logs > Firewall tab.

Steve

ast · Jun 30, 2018, 2:48 PM

@stephenw10 Hi Steve!

Thanks a lot for the info! Will try this out when I get back to the office.

ast

ast · Jun 30, 2018, 2:53 PM

I was able to remote access our Pfsense box, I was able to enable the logging before :) is there a way to view the firewall log in a way that only the concerned rule will only show?

stephenw10 · Jul 1, 2018, 2:56 AM

Not directly from the GUI. However you could get more detailed by testing from one particular client and then filtering by that source IP.

Steve

ast · Jul 1, 2018, 2:56 AM

@stephenw10 Hi!

Yes I was able to filter by only the concerned source IP, was hoping that I can sort for only the concerned blocked rule to narrow down.

ast

stephenw10 · Jul 1, 2018, 4:43 PM

What other rules to you have blocking traffic from that client? If I understood correctly only traffic you are passing with your rule to allow Viber should pass. Everything else from that client will be hitting the block rule so all blocked traffic from that IP in the firewall log should be hitting that rule.

Steve

ast · Jul 2, 2018, 4:01 AM

Yes, only Viber connection are being passed, all other connections are blocked.

As of now, Viber messages are passing thru with no problems.

Only problem: Viber photo/video sharing, and Viber voice at video calls are not passing thru.

I can see Viber connections to amazonaws.com and cloudfront.net which i already added to the allowed connections. Just don't know if this is the needed open connection, and don't know if I'm doing it right. :(

stephenw10 · Jul 2, 2018, 12:50 PM

Well, as I said earlier, it's going to be difficult to achieve this using only firewall rules.

Viber likely has a large CDN to host that sort of content with a very large number of IPs. If they use port 443 (which they claim to need) it will be hard to prevent clients using that for general web browsing etc.

Steve

ast · Jul 4, 2018, 5:18 AM

As of now, I think was able to achieve this firewall rule/s....what I did was allow the target devices to connect to Amazonaws.com IP Range, firewall alias URL's....so allowing connections to Viber.com, allowing connections to Amazonaws, then blocking everything else. The tricky part is Amazonaws got a couple of ASN.

Thanks a lot for your help Stephen!