
Block IP all ports

Hi all,

I've just started to learn how to use the UTM.

I cannot block an IP address from accessing the Internet, even after inserting a new rule in the Firewall.

Sources: PC
Services: Any
Destinations: Internet
Action: Deny

I could insert a rule with iptables if I connect with ssh.

iptables -A FORWARD -s IP-ADDRESS -j DROP   # FORWARD chain: traffic routed through the UTM (INPUT only matches traffic addressed to the UTM itself)

Can I create my firewall rule?

I don't want to do this with proxy or AD.

Thanks!

P.S.: Model ASG120 - v9.313-3


  • Can I create my firewall rule?
    Not really.  It will almost instantly be overwritten by the system.  

    I don't want to do this with proxy
    In the UTM, proxies create their own firewall rules that have precedence over any manually created rules, which is why your firewall rule won't block browsing.  If you are using the proxy in transparent mode, you can add a host definition for the client to the transparent proxy skiplist, then your firewall rule will work.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Thanks Scott!

    But the FTP protocol is not blocked. Why?
  • Go to Web Protection > Filtering Options > Misc and look at Allowed Target Services.  The Web Proxy has control of FTP by default, so the previously mentioned proxy firewall rules apply.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
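The two answers above describe a rule-ordering effect: the transparent proxy's own firewall rules are evaluated before anything created by hand, so a manual Deny rule never sees HTTP, HTTPS or (by default) FTP from the client, and putting the client on the transparent proxy skiplist, or removing FTP from Allowed Target Services, is what lets the Deny rule fire. The following is an added toy model of that first-match behaviour, written for this thread and not code from Sophos or from either poster. The host 192.168.1.50, the rule names, the port set {80, 443, 21} and the two-stage evaluation order are constructed assumptions for the demo, not the UTM's actual implementation.

```python
# Added example (not from the thread): a toy first-match model of how proxy-generated
# rules, evaluated ahead of manually created firewall rules, keep a "Deny" rule from
# ever seeing proxied traffic, and why the transparent proxy skiplist (or removing a
# service from Allowed Target Services) makes the Deny rule effective.
# Hosts, ports and rule names are constructed for the demo.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network, IPv4Network


@dataclass(frozen=True)
class Packet:
    src: str       # source host (the PC)
    dport: int     # destination service port


@dataclass
class Rule:
    name: str
    src: IPv4Network
    dports: frozenset          # empty set = any service
    action: str                # "proxy", "accept" or "drop"

    def matches(self, pkt: Packet) -> bool:
        return ip_address(pkt.src) in self.src and (not self.dports or pkt.dport in self.dports)


@dataclass
class Firewall:
    proxy_rules: list          # rules the transparent proxy generates for itself
    manual_rules: list         # rules created by hand in the Firewall GUI
    skiplist: set = field(default_factory=set)   # transparent proxy skiplist (source hosts)

    def decide(self, pkt: Packet) -> tuple:
        """Return (action, rule name) of the first matching rule; proxy rules are checked first."""
        # A host on the skiplist never reaches the proxy's rules at all.
        if ip_address(pkt.src) not in self.skiplist:
            for r in self.proxy_rules:
                if r.matches(pkt):
                    return r.action, r.name
        for r in self.manual_rules:
            if r.matches(pkt):
                return r.action, r.name
        return "drop", "default-drop"


def build_firewall(proxied_ports: frozenset) -> Firewall:
    """One proxy intercept rule for the given services, one manual Deny for the PC (constructed)."""
    any_src = ip_network("0.0.0.0/0")
    return Firewall(
        proxy_rules=[Rule("web-proxy-intercept", any_src, proxied_ports, "proxy")],
        manual_rules=[Rule("block-pc", ip_network("192.168.1.50/32"), frozenset(), "drop")],
    )


def run_scenarios() -> dict:
    pc = "192.168.1.50"   # constructed client address
    # Assumed Allowed Target Services of the Web Proxy: HTTP, HTTPS and (by default) FTP.
    fw = build_firewall(frozenset({80, 443, 21}))
    out = {}
    out["https_without_skiplist"] = fw.decide(Packet(pc, 443))   # proxied, Deny never consulted
    out["ftp_without_skiplist"] = fw.decide(Packet(pc, 21))      # FTP is proxied too
    out["ssh_without_skiplist"] = fw.decide(Packet(pc, 22))      # not proxied, Deny fires
    fw.skiplist.add(ip_address(pc))                              # add the PC to the skiplist
    out["https_with_skiplist"] = fw.decide(Packet(pc, 443))      # Deny is now effective
    # Alternative for FTP: take it out of Allowed Target Services so the proxy leaves it alone.
    fw2 = build_firewall(frozenset({80, 443}))
    out["ftp_not_in_target_services"] = fw2.decide(Packet(pc, 21))
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:28s} -> {result}")
```

Running the block prints one line per scenario; the point to take from it is that the outcome depends entirely on which stage sees the packet first, not on how the Deny rule is written.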
  • Hi, Albert, and welcome to the User BB!

    Is Web Filtering in a Standard or Transparent mode?  Do you have the FTP Proxy enabled?

    For more understanding of these sequence issues, see #2 in Rulz and consider the diagram attached to that post. I haven't tried this with outbound traffic, but you might try a DNAT of '{PC} -> Any -> Internet : to {non-existent IP}'.  Does that work?

    Cheers - Bob
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:
    Hi, Albert, and welcome to the User BB!

    Is Web Filtering in a Standard or Transparent mode?  Do you have the FTP Proxy enabled?

    For more understanding of these sequence issues, see #2 in Rulz and consider the diagram attached to that post. I haven't tried this with outbound traffic, but you might try a DNAT of '{PC} -> Any -> Internet : to {non-existent IP}'.  Does that work?

    Cheers - Bob
    Is this still the best way to block all internal traffic to a given host?

  • I'm confused by your question, Sean.  This thread was about blocking one internal IP from reaching the Internet.  Please be more precise about what it is you want to block.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:

    I'm confused by your question, Sean.  This thread was about blocking one internal IP from reaching the Internet.  Please be more precise about what it is you want to block.

    Cheers - Bob

    Sorry I wasn't clear.


    I want to block all traffic from my network to a specific IP, and would like to know if the solution proposed in this thread would be the most effective method to achieve this.

  • Not knowing anything about your setup, the quickest sure answer is to use a different NAT rule like 'Any -> Any -> {banned IP} : SNAT from {240.0.0.1}'.  If you don't want to see the blocks caused by this in the firewall log, select 'Automatic firewall rule'.  Did that work for you?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA