Firewall Rule Blocking on Single Destination not Working
-
This post is deleted! -
Adding a block rule on LAN will block LAN traffic, so showing the WAN block log won't show you what you want.
Maybe I'm missing something, but your block rule is for dest 171.161.148.150, yet none of your LAN blocks in the log have this address. You have to be going to that specific destination IP for the traffic to be blocked.
-
The firewall logs show both WAN and LAN actions. In the first rule that tries to block just the one IP destination it is bypassing that rule so it wouldn't show up in the firewall logs. However, when I change the rule to block all the IPs, The ones I am trying to visit are caught and logged. So basically block all works, block one dose not.
-
Firewall rules apply to the interface that the traffic is entering, so if you want to block LAN clients you put your block rule on the LAN tab. Showing a WAN log is irrelevant in this case. You are only concerned with the LAN blocks. Of course if you set the block to dest Any then all traffic will be blocked. Your first screen shows a block to dest 171.161.148.150 will be blocked. Also note that any existing states will not be changed after you edit a rule, so you should clear your states via Diagnostics - States - Reset States.
-
@KOM said in Firewall Rule Blocking on Single Destination not Working:
Diagnostics - States - Reset States.
I had tried that before Diagnostics - States - Reset States.However, it did not work. But thanks for the advice, and thanks for trying to help.
Here is a pick showing wan lan logs to the same place.
-
Here, I made an example.
I did a ping to 8.8.8 which worked. Then I added the rule below:
Then I pinged again and it failed:
-
This post is deleted! -
Good luck. If you're still having problems, come on back.
-
If any one is reading this the fix was as KOM suggested in the first place doing the Diagnostics - States - Reset States. I did but not all the time and irregularly. If a firewall change does not at first appear to work do this first every time all the time. Then go on to something else to try to fix the problem.
