
[BUG][9.101]help needed setting up country block exception

I have 9.101-12 and have country blocking turned on for most countries.

Today I found a website I need to allow access to. This is the first time I need to do an exception and I can't get it to work.
I made the rule but it didn't work and I'm a little confused how you know whether you want going to or coming from?

Can someone give me an example and maybe screenshots of an example rule? Like
Company.com

Also, I only have included three services: 80, 443 and 8080.


This thread was automatically locked due to age.
  • now moving on to inbound email connections. They might be different, I believe, due to the email proxy? Not sure about that yet.

    Although there was a bug in early V9 that failed to apply Country Blocking before proxies, 9.006-5 and later have fixed that problem.

    In the example I gave for www.astaro.org, you would choose "going to these" - it just depends on your goal.  I like eganders' idea to allow all traffic from your PC better though.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Exceptions seem to be broken. I set up an exception like the screenshot below after blocking all to Germany, but all the traffic is blocked:
    2013:06:24-13:19:08 gatekeeper httpproxy[28993]: id="0067" severity="info" sys="SecureWeb" sub="http" name="web request blocked, connection to forbidden country" action="block" method="GET" srcip="192.168.0.10" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProAvDisabled (Av Disabled)" filteraction="REF_HttCffAvDisabled (AV Disabled)" size="2967" request="0xcb846b8" url="http://www.astaro.com/elqNow/elqCfg.js" exceptions="" error="" country="Germany"


    ...Although there was a bug in early V9 that failed to apply Country Blocking before proxies, 9.006-5 and later have fixed that problem....

    Interesting... I wasn't aware of that... I only use country blocking for controlling spam and I always have SMTP in my top 10 dropped services. I can corroborate that with logs although I think the log said country block instead of GEOIP before. Sadly, I don't have any logs from before 9.1

    /var/log/packetfilter/2013/06/packetfilter-2013-06-23.log.gz:2013:06:23-16:15:09 gatekeeper ulogd[4568]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0" srcmac="0:e0:98:96:37:8f" dstmac="0:*:*:*:*:*" srcip="177.20.146.24" dstip="*.*.*.*" proto="6" length="60" tos="0x00" prec="0x00" ttl="44" srcport="51212" dstport="25" tcpflags="SYN"
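
The two log entries quoted in this thread come from different enforcement layers (the web proxy and the packet filter), which matters when working out where an exception has to apply. The following is an added example, not part of the original posts and not Sophos code: a small parser that tells the two apart. The function names are hypothetical, and reading a non-empty `exceptions=` field as "an exception matched" is an assumption.

```python
import re

# Sample input: the two log entries quoted in this thread, abridged.
# The second keeps the "file:" prefix that grep/zgrep prepends.
SAMPLE_LOG = '''\
2013:06:24-13:19:08 gatekeeper httpproxy[28993]: id="0067" severity="info" sys="SecureWeb" sub="http" name="web request blocked, connection to forbidden country" action="block" srcip="192.168.0.10" dstip="" statuscode="403" url="http://www.astaro.com/elqNow/elqCfg.js" exceptions="" error="" country="Germany"
/var/log/packetfilter/2013/06/packetfilter-2013-06-23.log.gz:2013:06:23-16:15:09 gatekeeper ulogd[4568]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0" srcip="177.20.146.24" dstip="*.*.*.*" proto="6" srcport="51212" dstport="25" tcpflags="SYN"
'''

HEADER = re.compile(r'(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) ([\w.-]+)\[\d+\]: (.*)')
PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return (timestamp, daemon, fields) or None if the line does not match."""
    m = HEADER.search(line)
    if not m:
        return None
    return m.group(1), m.group(3), dict(PAIR.findall(m.group(4)))


def classify(fields):
    """Name the layer that enforced the country block, from sub= and name=."""
    name = fields.get("name", "")
    if fields.get("sub") == "http" and "forbidden country" in name:
        return "web-proxy"
    if fields.get("sub") == "packetfilter" and "GEOIP" in name:
        return "packet-filter"
    return "other"


def triage(text):
    """Summarise each country-block entry in a log excerpt."""
    out = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        ts, _daemon, f = parsed
        layer = classify(f)
        if layer == "web-proxy":
            # Assumption: a non-empty exceptions= means an exception matched.
            out.append({"time": ts, "layer": layer, "country": f.get("country"),
                        "url": f.get("url"), "exception_matched": bool(f.get("exceptions"))})
        elif layer == "packet-filter":
            out.append({"time": ts, "layer": layer, "srcip": f.get("srcip"),
                        "dstport": f.get("dstport"), "fwrule": f.get("fwrule")})
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```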
