Block port 80 to specific IP
-
What is the best way to write a rule to block port 80 & 443 to a specific IP address?
-
One way: Create a port alias containing ports 80 and 443 and call it 'WebPorts' for instance. Then write your rule thus:
Proto(IPv4) | Source (LAN) | Port (*) | Destination (Specific-IP) | Port (WebPorts) | Gateway (GW-WAN) | Queue (None).
-
Wrote the rule as specified but the server at the specified IP still has access to the Internet.
-
Post the screenshots of your WAN rules. (Note: You need to reset states - Diagnostics => States => Reset states after restricting access.)
-
Wrote the rule as specified but the server at the specified IP still has access to the Internet.
Maybe I misread your post, but I thought you were trying to stop your LAN users from accessing a remote host on ports 80 and 443. Not prevent the host from accessing the internet.
Perhaps you should post a diagram of what you're trying to do. Please clearly indicate your firewall, the internal hosts and any external targets involved. And show the traffic direction - the source and target(s).
-
What is the best way to write a rule to block port 80 & 443 to a specific IP address?
It sounds like you really mean:
What is the best way to write a rule to block access to destination port 80 & 443 from a specific IP address?
-
Sorry - I'll provide the complete detail for this project. I have multiple servers on the network. One of these servers is an RDP server hosting multiple user logins. Just for this one server only I need to block access to the Internet. I need the result to be that anyone using this server, logging in as a remote session, will not have access to the Internet. I would like to do this at the router level, blocking ports 80 and 443 to this server's specific IP address only. Per previous instructions I built the Aliases for 80 & 443 and built the rule but it did not block the Internet for this server.
-
OK, to block access from LAN to Internet, you need a rule on LAN that blocks the specific source IP address to the ports defined by your alias. It's pretty easy.
-
Just a bit of modification on the previous LAN block rule should do it:
Proto(IPv4) | Source (Specific-IP) | Port (*) | Destination (*) | Port (WebPorts) | Gateway (GW-WAN) | Queue (None).
-
Thanks for your help! The last rule given works perfectly for this need.
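-
Added example, not part of the original thread: a small first-match rule evaluator showing why the first rule (server as destination) never matched the server's own outbound traffic, while the final rule (server as source) does. The addresses, the allow-LAN-to-any rule below the block rule, and the first-match/default-deny behaviour are assumptions; the Gateway and Queue fields are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addressing (assumptions, not values from the thread).
LAN = ip_network("192.168.1.0/24")
RDP_SERVER = ip_network("192.168.1.50/32")   # stands in for "Specific-IP"
ANY = ip_network("0.0.0.0/0")
WEB_PORTS = frozenset({80, 443})             # the 'WebPorts' alias

@dataclass(frozen=True)
class Rule:
    action: str                      # "block" or "pass"
    src: object                      # source network
    dst: object                      # destination network
    dst_ports: Optional[frozenset]   # None means any destination port

    def matches(self, src, dst, dport):
        return (ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and (self.dst_ports is None or dport in self.dst_ports))

def evaluate(rules, src, dst, dport):
    """Return the action of the first matching rule; no match means block."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action
    return "block"

ALLOW_LAN = Rule("pass", LAN, ANY, None)     # assumed allow rule below the block
# First attempt: Source (LAN) -> Destination (Specific-IP), ports WebPorts.
FIRST_ATTEMPT = [Rule("block", LAN, RDP_SERVER, WEB_PORTS), ALLOW_LAN]
# Working rule: Source (Specific-IP) -> Destination (*), ports WebPorts.
WORKING = [Rule("block", RDP_SERVER, ANY, WEB_PORTS), ALLOW_LAN]

def compare(src, dst, dport):
    """Evaluate one connection attempt against both rule sets."""
    return {"first_attempt": evaluate(FIRST_ATTEMPT, src, dst, dport),
            "working": evaluate(WORKING, src, dst, dport)}

if __name__ == "__main__":
    web_host = "203.0.113.10"                # constructed external web server
    for src, dport in [("192.168.1.50", 443), ("192.168.1.50", 80),
                       ("192.168.1.20", 443), ("192.168.1.50", 53)]:
        print(src, dport, compare(src, web_host, dport))
```

The last sample line shows the scope of the working rule: only destination ports 80 and 443 from the server are blocked, so traffic from that host on other ports still falls through to the allow rule.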