This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[6.311] Keeping away from the internet

Hi there again,

here we what to create some pf rules to keeping computers away from the internet.

At first I tried with a single IP address. I want to block this for all services to any destination. The rule is on 4th position:

1. Dropped Any to Internal (Broadcast) for any services
2. Dropped Any to 255.255.255.255 for any services
3. Dropped 255.255.255.255 to Any for any services
4. Dropped (Sinlge IP) to Any for any services

The computer on this IP can access the internet... AFAIR the rules will be read from top to bottom and if one rules will be true all other will be ignored.

Our IP's are in ***. The ASG is in transparent mode for HTTP proxy. Maybe I should block traffic?

Thanks in advance for your help.
--
Kind regards

Steffen Kother

This thread was automatically locked due to age.

Parents

0 drees over 17 years ago

Hmm, sounds like the HTTP proxy is taking priority over the packet filter rules? I've never tried to block a client like that before. If you disable the transparent proxy temporarily, does that work?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 drees over 17 years ago

Hmm, sounds like the HTTP proxy is taking priority over the packet filter rules? I've never tried to block a client like that before. If you disable the transparent proxy temporarily, does that work?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 trialrider over 17 years ago in reply to drees

Hi drees,

problem is solved. I added the computer to the skip list in http proxy. After that I created a rule with -> ANY -> Drop in a good position on the list. That works fine.

Thy, Steffen
Cancel
Vote Up 0 Vote Down

Cancel