This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot block traffic when DNAT rule is set

I have DNAT rules set for incoming traffic (from our external IP range to an internal IP).

I'd like to block an IP from accessing one of our external IPs, so I added a firewall rule at the top with the IP to ANY and drop traffic.

Although in the logs it reports the packet is dropped, it isn't!

How do I do this? Is the NAT rule overruling the firewall rule? How do I block then?

As a side note, i've come from Juniper kit and the Astaro reseller support compared to them sucks hard!

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 13 years ago

Yes, the DNAT takes precedence over any manually created firewall rules. Create a new blackhole DNAT, ordered higher in the list than the existing rule, to send traffic from this one IP to a non-existent IP Address.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 13 years ago

Yes, the DNAT takes precedence over any manually created firewall rules. Create a new blackhole DNAT, ordered higher in the list than the existing rule, to send traffic from this one IP to a non-existent IP Address.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data