    How to allow selected IP to bypass Rule

      lynx last edited by

      1. I'm trying to block some website. I made an alias (blockalias) with the IP of the site.
      2. I created a firewall, block, tcp/udp, ipv4, lan... destination is SingleHost or alias pointing to the alias I created (blockalias)...

      I successfully blocked the site with the steps above.

      What I want now is to have an option to allow or bypass the rule for selected IPs/PCs. For example, I want my PC and my friend's PC to access the site, and the rest of my network will be blocked.

      How can I do that?

      Thank you

        divsys last edited by

        Try creating another alias: "GOODPCS" and include the IPs you don't want to block.

        Then change your LAN blocking rule so that the Source Address is: NOT GOODPCS.

        If a source address is not in the alias, the blocking rule will apply.

        -jfp

          lynx last edited by

          @divsys:

          Try creating another alias: "GOODPCS" and include the IPs you don't want to block.

          Then change your LAN blocking rule so that the Source Address is: NOT GOODPCS.

          If a source address is not in the alias, the blocking rule will apply.

          Thanks, but sorry, I didn't get what you exactly mean.

            divsys last edited by

            If you look at your existing rule that works to block an alias list, there's a section called "Source".

            Right now it's probably set to "any" but you can change that to "Single Host or Alias" just like you probably did for "Destination".

            The "Source" sets another condition that must be met for the rule to fire, so if you were to enter your IP (192.168.1.75, e.g.) the rule would only fire for your IP.  Your PC would be the only one blocked.  That's exactly opposite to what you're trying to accomplish, so we set the NOT flag in the "Source" section.  That forces the rule to fire only when the source address is NOT your IP, or for everyone else.  It's then one small step to replace your single IP with an alias list of IPs.

            Try it and see...

            -jfp
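
The effect of the NOT flag described in this reply, as an added example that is not part of the original thread and not pfSense code: a simplified first-match rule evaluator comparing the LAN rule with "NOT" checked and unchecked. Apart from 192.168.1.75, the addresses, the default "allow LAN to any" rule below the block rule, and the names `Rule`, `in_spec`, `evaluate` and `lan_rules` are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample aliases: names follow the thread, addresses are made up.
ALIASES = {
    "GOODPCS": ["192.168.1.75", "192.168.1.80"],
    "blockalias": ["203.0.113.10", "203.0.113.11"],
}

@dataclass
class Rule:
    action: str                # "block" or "pass"
    source: str = "any"        # alias name, host/CIDR, or "any"
    dest: str = "any"
    source_not: bool = False   # the NOT (invert match) box in the Source section

def in_spec(addr, spec):
    """True if addr falls inside an alias, a host/network, or 'any'."""
    if spec == "any":
        return True
    entries = ALIASES.get(spec, [spec])
    return any(ip_address(addr) in ip_network(e, strict=False) for e in entries)

def evaluate(rules, src, dst):
    """Rules are checked top-down and the first match decides."""
    for rule in rules:
        # NOT inverts only the source test; the destination test is unchanged.
        src_hit = in_spec(src, rule.source) != rule.source_not
        if src_hit and in_spec(dst, rule.dest):
            return rule.action
    return "block"  # nothing matched: default deny

def lan_rules(source_not):
    """Assumed LAN rule set: the block rule sits above the allow-all rule."""
    return [
        Rule("block", source="GOODPCS", dest="blockalias", source_not=source_not),
        Rule("pass", source="192.168.1.0/24"),  # assumed default allow LAN to any
    ]

if __name__ == "__main__":
    for label, flag in (("NOT checked", True), ("NOT unchecked", False)):
        for src in ("192.168.1.75", "192.168.1.120"):
            print(label, src, "->", evaluate(lan_rules(flag), src, "203.0.113.10"))
```

With NOT checked, the exempt PCs skip the block rule and are passed only because a later pass rule matches them; with NOT unchecked the result inverts and only the GOODPCS hosts are blocked.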

              lynx last edited by

              @divsys:

              If you look at your existing rule that works to block an alias list, there's a section called "Source".

              Right now it's probably set to "any" but you can change that to "Single Host or Alias" just like you probably did for "Destination".

              The "Source" sets another condition that must be met for the rule to fire, so if you were to enter your IP (192.168.1.75, e.g.) the rule would only fire for your IP.  Your PC would be the only one blocked.  That's exactly opposite to what you're trying to accomplish, so we set the NOT flag in the "Source" section.  That forces the rule to fire only when the source address is NOT your IP, or for everyone else.  It's then one small step to replace your single IP with an alias list of IPs.

              Try it and see...

              Thanks a lot, sir! It's working now.

              I have tried the same setup before but it didn't work. I didn't check the NOT.

              But now it works, thanks to you. Thanks a lot. God bless you!

                divsys last edited by

                No problem,

                Just pay it forward when you can  :)

                -jfp
