[8.162][BUG][FIXED] Application Control rules order...

Hi,

my question is like https://community.sophos.com/products/unified-threat-management/astaroorg/f/110/t/70541

but in my case I created these ordered rules:

1)
    * name (name) = Social_networking
    * action (action) = block
    * application list (applications)
         1. BEBO
         2. FACEBOOK
         3. FBOOKAPP
         4. FLIXSTER
         5. FRNDFEED
         6. FRNDSTER
         7. LINKEDIN
         8. MYSPACE
         9. PLAXO
        10. TWITTER
    * group list (groups) = empty list
    * destination network list (destination_networks)
         1. any address object "Any"
    * log (log) = 1
    * comment (comment) = empty value

2)
    * name (name) = LOG_ACTIVITY
    * action (action) = accept
    * application list (applications) = empty list
    * group list (groups)
         1. 3
         2. Collaboration
         3. Database
         4. File Transfer
         5. Games
         6. Mail
         7. Messaging
         8. Network Monitoring
         9. Networking
        10. Proxy
        11. Remote Access
        12. Social Networking
        13. Streaming Media
        14. VPN and Tunneling
        15. Web Services
    * destination network list (destination_networks)
         1. any address object "Any"
    * log (log) = 1
    * comment (comment) = empty value

My target is to log everythings and analyse the network activity in the future but meanwhile block the social networking traffic at all.
Thus I placed the social networking block at the top but with this configuration the logging rule (2) wins against the blocking rule (1).

Why is not respected the rule order?

Parents

0 Astaro Beta Bot over 14 years ago

Astaro Beta Report
--------------------------------
Version: 8.162
Type: BUG
State: TESTED/FIXED
Reporter: mdallagi+
Contributor: Billybob
MantisID: 17459
Target version: 8.163
Fixed in version: 8.163
--------------------------------

0 Billybob over 14 years ago in reply to Astaro Beta Bot

Can you post some logs with your configuration screenshot. I tried what you are saying and I get blocked. If I reverse the order with allow facebook first and then block all social, I can get to facebook just fine. Screenshots attached.

Regards
Bill.
- social.JPG
- View
- Hide
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Billybob over 14 years ago in reply to Astaro Beta Bot

Can you post some logs with your configuration screenshot. I tried what you are saying and I get blocked. If I reverse the order with allow facebook first and then block all social, I can get to facebook just fine. Screenshots attached.

Regards
Bill.
- social.JPG
- View
- Hide
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 mdallagi over 14 years ago in reply to Billybob

Hi Bill,

look at the attachment to view my configuration....it is a bit different.
If I try to surf Twitter in the afc.log I find:

2011:04:04-08:28:18 ASG-BETA ulogd[4978]: id="2017" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Alert" action="log" initf="eth1" mark="0x42012" app="18" srcmac="0:c0:9f:eb:4d:78" dstmac="0:30:6e:11:64[:D]2" srcip="172.16.24.2" dstip="198.78.208.254" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="1123" dstport="80" tcpflags="SYN"

...and I can surf the twitter web site...
Instead, if I disable the rule #2, the Application Control now blocks the twitter site:

2011:04:04-08:32:23 ASG-BETA ulogd[4978]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" initf="eth1" mark="0x43076" app="118" srcmac="0:c0:9f:eb:4d:78" dstmac="0:30:6e:11:64[:D]2" srcip="172.16.24.2" dstip="199.59.148.83" proto="6" length="940" tos="0x00" prec="0x00" ttl="128" srcport="1162" dstport="80" tcpflags="ACK PSH"

The proxy is configured in transparent mode.
- app_ctrl.png
- View
- Hide
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel