Alias Firewall Rules to allow approved websites



  • Hi ya, I would like some two-cent thoughts about what I'm missing.

    -Task I'm trying to accomplish: Have a list of static IPs that are allowed to access specific websites. Any websites not listed for the static IP list will be rejected. Any other IP address that's not on the list will not be interrupted.

    -What I've done so far: I have set up an alias with a list of static IPs ("Kids"). I have another alias with the "Approved" URLs on it ("Education Crap").

    -Config I've done thus far:
    I've set up a rejection rule on the LAN interface that will reject the alias "Kids" to the web, but still allow any other dynamic IP address full access. (-Kewl, that works! I'm fine right there....)

    For the pass rule (which is set before the rejection rule), I've set the source of the rule to the "Kids" alias and the destination to the "Education Crap" alias. The protocol for the rule is set to "Any". With this config the "Kids" alias is still being blocked by the firewall and won't allow any traffic out where it's supposed to go.
    All other network traffic works fine. Any IP address not listed in the "Kids" alias can still get full access.

    (hope this made sense)
    Any thoughts??
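A worked model of the rule set described in the post above, added here as an example and not taken from the post or from any firewall vendor's code: it simulates first-match, top-down evaluation of the two alias-based rules (pass "Kids" to "Education Crap", then reject "Kids" to any), plus an assumed default allow-all LAN rule at the bottom that is what leaves every other address uninterrupted. All IPs, hostnames and the hostname-to-IP table are constructed sample data. Besides the rule order, it shows the case a practitioner checks first when a pass rule never gets a state: a hostname in the approved alias that has not resolved to the address the client actually connects to, so the packet falls through to the reject rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample data for this example (not from the original post).
KIDS = ["192.168.1.50", "192.168.1.51"]                 # "Kids" alias: static IPs
EDUCATION_CRAP = ["khan.example", "library.example"]    # "Education Crap" alias: hostnames

# A hostname/URL alias only matches the addresses it had resolved to when the
# alias table was built; this dict stands in for that resolved table.
RESOLVED: Dict[str, List[str]] = {
    "khan.example": ["203.0.113.10", "203.0.113.11"],
    "library.example": ["198.51.100.5"],
}


def resolve_alias(entries: List[str], table: Dict[str, List[str]]) -> Set[str]:
    """Expand an alias to the set of IPs the firewall would actually match on."""
    ips: Set[str] = set()
    for entry in entries:
        try:
            ips.add(str(ipaddress.ip_address(entry)))   # literal IP address
        except ValueError:
            ips.update(table.get(entry, []))             # hostname: may resolve to nothing
    return ips


@dataclass
class Rule:
    name: str
    action: str                 # "pass" or "reject"
    src: Optional[Set[str]]     # None means "any"
    dst: Optional[Set[str]]
    log: bool = False


def build_ruleset(pass_first: bool = True,
                  resolved: Dict[str, List[str]] = RESOLVED) -> List[Rule]:
    """Build the LAN rule set from the post, in either order."""
    kids = resolve_alias(KIDS, resolved)
    edu = resolve_alias(EDUCATION_CRAP, resolved)
    allow = Rule("Kids to Education Crap", "pass", kids, edu, log=True)
    block = Rule("Reject Kids to any", "reject", kids, None, log=True)
    # Assumption: the interface keeps its usual default allow-all rule at the bottom,
    # which is what leaves every address outside the "Kids" alias uninterrupted.
    default = Rule("Default allow LAN to any", "pass", None, None)
    return [allow, block, default] if pass_first else [block, allow, default]


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str) -> Tuple[str, str, List[str]]:
    """First-match, top-down evaluation: the first rule whose source and destination
    both match decides the packet.  Returns (action, rule name, log lines)."""
    log: List[str] = []
    for rule in rules:
        if (rule.src is None or src_ip in rule.src) and (rule.dst is None or dst_ip in rule.dst):
            if rule.log:
                log.append(f"{rule.action} {src_ip} -> {dst_ip} matched '{rule.name}'")
            return rule.action, rule.name, log
    return "drop", "no match", log   # never reached here because of the default rule


if __name__ == "__main__":
    rules = build_ruleset()
    for src, dst in [("192.168.1.50", "203.0.113.10"),   # kid -> approved site
                     ("192.168.1.50", "8.8.8.8"),        # kid -> anything else
                     ("192.168.1.99", "8.8.8.8")]:       # non-kid -> anything
        print(src, "->", dst, evaluate(rules, src, dst)[:2])

    # Reject placed above pass: the pass rule is never reached for "Kids".
    print("reject first:", evaluate(build_ruleset(pass_first=False),
                                    "192.168.1.50", "203.0.113.10")[:2])

    # Approved hostname that did not resolve (or resolved to a different address than
    # the client is using): the pass rule never matches and the reject rule logs the hit.
    stale = {"khan.example": ["203.0.113.10", "203.0.113.11"]}   # library.example missing
    print("stale alias:", evaluate(build_ruleset(resolved=stale),
                                   "192.168.1.50", "198.51.100.5"))
```

With logging enabled on both alias rules, the stale-alias case is visible straight away: the reject rule logs a hit for a destination the operator expected the pass rule to cover, which points at the alias contents rather than at the rule order.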



  • @Ookami Maybe as simple as putting your reject rules before your pass rules.



  • .....then wouldn't that be a hard reject outright? ..Rules are read from top to bottom... so the allow is supposed to kick in first if there's a match to the list; else the request gets rejected on the next rule.......



  • @Ookami How about a screen shot?



  • Sorry it took me a long time to get back, work had to cut in....

    But here is an image of the firewall rule I thought I could get away with...

    Firewall Rules.PNG



  • Double-check your allowed computer listing, and turn on logging on your allow-to-site rule. Not seeing anything in the states for that rule.



  • Hmm.... that helped me work out some of the allowed sites. Gotta track down the others on the list... gotta see why those ones are not being allowed to pass..

