Firewall not blocking on port 80 (http)
Hello guys, I'm using firewall to block traffic going to facebook.com, I have listed CIDR of facebook in alias. Created Lan rules blocking destination Facebook Alias in http and https ports. Firewall successfully block facebook in port 443 but in port 80 it passes through. I have run a packet capture on my host and examine the ip address that facebook domain gives out. The IP that was blocked on port 443 was the same IP that passes through port 80. I have tried separating the rules 443 and 80 but same thing happens.
Please guide me on whats the next step should I look through to get this rule to work on port 80. ??? ??? ???
Thank you very much!
Are you using squid or any other proxy for filtering port 80 ?
Then blocking on the firewall tab of the LAN interface will not work because the traffic on port 80 will be redirected to squid and then will leave squid by the loopback address (127.0.0.1) to the WAN. So the firewall rules on your LAN interface will not affect this port 80 traffic.
To block http traffic you need to use a floating rule as far as I know.
Yes i'm using squidguard. Can you give an example rule to input in floating rule pane?
Thank you very much! :D
you are probably using squid in transparent mode. This means you cannot block httpS traffic with squid + squidguard. So it is a good way to block facebook and so on - which is using httpS by firewall. This is working as you are doing it.
But for port http (80) I would not block it by firewall - you have squidguard which can do that for you much easier. Just put facebook.com to the domain list or use "facebook" as an regular expression. Then activate this target on squidguard and block it for all users.
Then squid+squidguard is doing the job for port 80 (http) and the rest what is https (443) will be done by your firewall rules