Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 5042 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking internal IP

Mateo
Hi all,

I'd like to block a certain IP on our internal network from accessing the internet. I'm running verison 4.022 and have done the following, thinking it would work, but the machine can still access the net:

- Created a Network host of the machines IP address, called Test.
- Created a rule (moved to 1) that says 

From: Test
To: Any
Service: Any
Action: Reject (I have also tried Drop)

Obviously I'm doing something wrong! I also have a rule at number 4 allowing everyone in that IP range any access, but doesn't the previous rule kick in first? 

Thanks alot!
Mateo


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to techno.kid
    Thanks for the reply techno.kid.

    I'm just trying to block access to websites for that IP, so HTTP traffic over TCP. I've also tried specifying HTTP for the service to no avail. 

    Thanks
    Mateo.
  • 0 in reply to Mateo
    Rules do not impact the (HTTP) proxy, if you are using it.

    So you will have to make an adjustment to the proxy.
    You can create a network of one IP using a 32 bit mask, then indicate that is a disallowed network.
    OR you can move the machine to be denied into a different subnet (you can further subdivide your Class C subnet into smaller subnets; this is called CIDR -Classless InterDomain Routing), then specify the smaller subnet that does not contain the machine to be blocked as an Allowed Network...

    Does the Proxy allow Network Groups to be specified?
    [That would be one more option] Don't remember, but probably not...