Blocking Access to Specific Host



  • I am trying to create a simple rule.  The rule will deny all LAN users access to one specific internet host (TCP/*).  To do this I have created a firewall rule on the LAN interface:

    Proto  Source  Port  Destination  Port  Gateway  Schedule  Description 
    TCP * * BLOCKED.IP.HERE * *   BLOCK OUTGOING TEST

    The rule has been moved to the very top.  Beneath this rule, I do have one that allows LAN NET to access *, but since this rule is on top, it should work right?

    This rule does not seem to be working.. all LAN users are able to access the blocked destination.  Does anyone have any ideas as to why this is not working?  Am I missing a step?

    Thanks



  • @bairdmj:

    I am trying to create a simple rule.  The rule will deny all LAN users access to one specific internet host (TCP/*).  To do this I have created a firewall rule on the LAN interface:

    Proto  Source  Port  Destination  Port  Gateway  Schedule  Description 
    TCP * * BLOCKED.IP.HERE * *   BLOCK OUTGOING TEST

    The rule has been moved to the very top.  Beneath this rule, I do have one that allows LAN NET to access *, but since this rule is on top, it should work right?

    This rule does not seem to be working.. all LAN users are able to access the blocked destination.  Does anyone have any ideas as to why this is not working?  Am I missing a step?

    Thanks

    Have you verified that the destination traffic is what you expect, in other words the IP you have in the block?
    Check your logs (obviously turn logging on if you don't have it on).

    Otherwise you can try to block a site you know has only one IP address and see if that works.

    /f

