How to allow selected IP to bypass Rule



  • 1. I'm trying to block some website.. I made an alias (blockalias) with the IP of the site….
    2. I created a firewall, block, tcp/udp, ipv4, lan...destination is SingleHost or alias pointing to the alias I created (blockalias) ...

    I successfully blocked the site with the steps above .....

    What I want now is to have an option to allow or bypass the rule for selected IPs/PCs ... for example, I want my PC and my friend's PC to access the site, then the rest of my network will be blocked...

    How can I do that?

    Thank you



  • Try creating another alias: "GOODPCS" and include the IP's you don't want to block.

    Then change your LAN blocking rule so that the Source Address is: NOT GOODPCS.

    If a source address is not in the alias, the blocking rule will apply.



  • @divsys:

    Try creating another alias: "GOODPCS" and include the IP's you don't want to block.

    Then change your LAN blocking rule so that the Source Address is: NOT GOODPCS.

    If a source address is not in the alias, the blocking rule will apply.

    Thanks.. but sorry, I didn't get what you exactly mean….



  • If you look at your existing rule that works to block an alias list, there's a section called "Source".

    Right now it's probably set to "any" but you can change that to "Single Host or Alias" just like you probably did for "Destination".

    The "Source" sets another condition that must be met for the rule to fire, so if you were to enter your IP (192.168.1.75, for eg.) the rule would only fire for your IP.  Your PC would be the only one blocked.  That's exactly opposite to what you're trying to accomplish so we set the NOT flag in the "Source" section.  That forces the rule to fire only when the source address is NOT your IP, or for everyone else.  It's then one small step to replace your single IP with an alias list of IP's.

    Try it and see….
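
The effect of the NOT flag on the Source field, modelled as an added example that is not part of the original posts and is not pfSense code. The alias names come from the thread; the addresses in the aliases, the trailing "pass any to any" LAN rule, and the helper names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample aliases: names from the thread, addresses assumed.
ALIASES = {
    "blockalias": [ip_network("203.0.113.10/32")],
    "GOODPCS": [ip_network("192.168.1.75/32"), ip_network("192.168.1.80/32")],
}

def side_matches(addr, spec):
    """spec is (alias name or 'any', negate flag), like a Source/Destination field."""
    name, negate = spec
    if name == "any":
        return True
    hit = any(ip_address(addr) in net for net in ALIASES[name])
    return hit != negate  # the NOT checkbox inverts the alias match

def lan_rules(block_source):
    """LAN ruleset: the block rule with the given Source, then an assumed allow-all rule."""
    return [
        {"action": "block", "src": block_source, "dst": ("blockalias", False)},
        {"action": "pass", "src": ("any", False), "dst": ("any", False)},
    ]

def evaluate(src, dst, rules):
    """Rules are checked top to bottom; the first match decides."""
    for rule in rules:
        if side_matches(src, rule["src"]) and side_matches(dst, rule["dst"]):
            return rule["action"]
    return "block"  # nothing matched: traffic is denied

ORIGINAL = lan_rules(("any", False))        # Source: any (everyone blocked)
NOT_GOODPCS = lan_rules(("GOODPCS", True))  # Source: NOT GOODPCS (the fix)
UNCHECKED = lan_rules(("GOODPCS", False))   # Source: GOODPCS, NOT left unchecked

if __name__ == "__main__":
    site = "203.0.113.10"
    for label, rules in [("any", ORIGINAL), ("NOT GOODPCS", NOT_GOODPCS),
                         ("GOODPCS", UNCHECKED)]:
        for pc in ("192.168.1.75", "192.168.1.50"):
            print(f"Source={label:<12} {pc} -> {site}: {evaluate(pc, site, rules)}")
```

Because the rule keys on source IP, the hosts listed in GOODPCS need addresses that do not change.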



  • @divsys:

    If you look at your existing rule that works to block an alias list, there's a section called "Source".

    Right now it's probably set to "any" but you can change that to "Single Host or Alias" just like you probably did for "Destination".

    The "Source" sets another condition that must be met for the rule to fire, so if you were to enter your IP (192.168.1.75, for eg.) the rule would only fire for your IP.  Your PC would be the only one blocked.  That's exactly opposite to what you're trying to accomplish so we set the NOT flag in the "Source" section.  That forces the rule to fire only when the source address is NOT your IP, or for everyone else.  It's then one small step to replace your single IP with an alias list of IP's.

    Try it and see….

    Thanks a lot sir! It's working now….

    I have tried the same setup before but it didn't work.. I didn't check the NOT ....

    but now it works... thanks to you.. Thanks a lot. God bless you!



  • No problem,

    Just pay it forward when you can  :)

