Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 865 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rules are not applied correctly

Catalin Olteanu

Hi,

I'm using SFOS 18.0.1 MR-1-Build396. I need to block the youtube traffic for a MAC address between some hours and for others not For this I've been using a time scheduler, an application filter to allow the traffic and with a lower precedence a drop rule for all media streamers.
Rule 3 should be active using a time scheduler and allow youtube only then;
Rule 4-5 should be applied for some other mac addresses and allow vimeo and youtube, all the time;
Rule 6 should block all media streaming;



Here are the dumps:















This thread was automatically locked due to age.
Parents
  • 0

    Hu Catalin,

    rule 6 (really rule #9 if reviewing in log viewer) blocks nothing, it is an allow all rule.

    Ian

  • 0 in reply to rfcat_vk

    Even seems an allow all rule, the filter is a deny all.

    I've been done more searches and I was able to isolate a bug like:

    In case of a rule that combines (LAN[MAC1, MAC2],Application filter)->WAN, sophos makes an "OR" between [MAC] filter result and the Application filter, capturing all the traffic from that MAC(in this case youtube, but also other forbiden traffic).

    However, this is not the only one

Reply
  • 0 in reply to rfcat_vk

    Even seems an allow all rule, the filter is a deny all.

    I've been done more searches and I was able to isolate a bug like:

    In case of a rule that combines (LAN[MAC1, MAC2],Application filter)->WAN, sophos makes an "OR" between [MAC] filter result and the Application filter, capturing all the traffic from that MAC(in this case youtube, but also other forbiden traffic).

    However, this is not the only one

Children