Netgate Discussion Forum

    Firewall Rule Blocking on Single Destination not Working

      elegantd

      This post is deleted!
        KOM

        Adding a block rule on LAN will block LAN traffic, so showing the WAN block log won't show you what you want.

        Maybe I'm missing something, but your block rule is for dest 171.161.148.150, yet none of your LAN blocks in the log have this address. You have to be going to that specific destination IP for the traffic to be blocked.

          elegantd

          The firewall logs show both WAN and LAN actions. In the first rule that tries to block just the one IP destination, it is bypassing that rule, so it wouldn't show up in the firewall logs. However, when I change the rule to block all the IPs, the ones I am trying to visit are caught and logged. So basically block all works, block one does not.

            KOM

            Firewall rules apply to the interface that the traffic is entering, so if you want to block LAN clients you put your block rule on the LAN tab. Showing a WAN log is irrelevant in this case. You are only concerned with the LAN blocks. Of course if you set the block to dest Any then all traffic will be blocked. Your first screen shows a block to dest 171.161.148.150 will be blocked. Also note that any existing states will not be changed after you edit a rule, so you should clear your states via Diagnostics - States - Reset States.

              elegantd

              @KOM said in Firewall Rule Blocking on Single Destination not Working:

              Diagnostics - States - Reset States.

              I had tried that before, Diagnostics - States - Reset States. However, it did not work. But thanks for the advice, and thanks for trying to help.

              Here is a pic showing WAN and LAN logs to the same place.

                KOM

                Here, I made an example.

                I did a ping to 8.8.8 which worked. Then I added the rule below:

                Screenshot from 2019-08-01 20-31-33.png

                Then I pinged again and it failed:

                Screenshot from 2019-08-01 20-32-25.png

                  elegantd

                  This post is deleted!
                    KOM

                    Good luck. If you're still having problems, come on back.

                      elegantd

                      If anyone is reading this, the fix was, as KOM suggested in the first place, doing the Diagnostics - States - Reset States. I did, but not all the time and irregularly. If a firewall change does not at first appear to work, do this first, every time, all the time. Then go on to something else to try to fix the problem.
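
The point KOM makes and the last post confirms (a new block rule does not touch states that already exist) can be checked before resetting the whole state table. The following is an added example, not code from the thread or from pfSense: a shell filter over `pfctl -ss` output that lists the states still open to a blocked destination. The sample state lines are constructed, and the line layout is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example, not from the thread. Lists pf states whose destination is a
# given IPv4 address, i.e. connections that pre-date a new block rule and keep
# passing until their state is removed.
# Assumed `pfctl -ss` layout: IFACE PROTO ADDR [(NAT-ADDR)] ARROW ADDR STATE

# stale_states DEST_IP : reads state lines on stdin, prints the matching ones.
stale_states() {
    awk -v dest="$1" '
    {
        arrow = 0
        for (i = 1; i <= NF; i++) if ($i == "->" || $i == "<-") arrow = i
        if (!arrow) next                 # not a state line
        # "A -> B": B is the destination. "A <- B": A is the destination.
        target = ($arrow == "->") ? $(arrow + 1) : $3
        sub(/:[0-9]+$/, "", target)      # drop the port (or ICMP id)
        if (target == dest) print        # exact match, no prefix matching
    }'
}

# Constructed sample: a LAN state and its NATed WAN twin to the blocked IP,
# unrelated DNS traffic, a connection to the firewall itself, and a near-miss
# address that must not match.
sample_states() {
    cat <<'EOF'
em1 tcp 192.168.1.10:51234 -> 171.161.148.150:443       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.5:40211 (192.168.1.10:51234) -> 171.161.148.150:443       ESTABLISHED:ESTABLISHED
em1 udp 192.168.1.10:53011 -> 8.8.8.8:53       MULTIPLE:SINGLE
em1 tcp 192.168.1.1:443 <- 192.168.1.10:51300       ESTABLISHED:ESTABLISHED
em1 tcp 192.168.1.20:51999 -> 171.161.148.15:443       ESTABLISHED:ESTABLISHED
EOF
}

# Offline demonstration on the sample. On the firewall the input would be
#   pfctl -ss | stale_states 171.161.148.150
# and, as a narrower alternative to Reset States,
#   pfctl -k 0.0.0.0/0 -k 171.161.148.150
# removes only the states to that destination.
sample_states | stale_states 171.161.148.150
```

Any line this prints after the block rule is saved is a connection the rule will not stop until its state is cleared.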
