This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall rule not working

I created a rule that will block traffic from any IP in the list.

It's in the #1 position but when I test, it's not blocking traffic.

I have one computer with an external Internet connection that I'm using for testing. I included it's public IP in the block list but I can still access my websites that are hosted on a server that's behind Sophos.

Each website has a DNAT and a Full NAT (for local access). Each DNAT and Full NAT has an automatic packet filter rule.

One of the DNAT's:

The corresponding Full NAT:

Why is this rule not blocking my testing computer?

This thread was automatically locked due to age.

Parents

0 BAlfson over 12 years ago

Jeff, consider what I call Rule #2:
In general, a packet arriving at an interface is handled only by one of the following, in order:
DNATs first, then VPNs and Proxies and, finally, manual Routes and Firewall rules.

An alternative then is to use a NAT rule like: 'DNAT : {Group of bad IPs} -> Any -> External (WAN) (Address) : to {non-existant IP}'

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 12 years ago

Jeff, consider what I call Rule #2:
In general, a packet arriving at an interface is handled only by one of the following, in order:
DNATs first, then VPNs and Proxies and, finally, manual Routes and Firewall rules.

An alternative then is to use a NAT rule like: 'DNAT : {Group of bad IPs} -> Any -> External (WAN) (Address) : to {non-existant IP}'

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data