
Automatic firewall rule issue

Hi Group,

It seems we are being DoS'd, so I could use some quick help.

I have managed to isolate the offending IP, assuming it is not spoofed.

I created a blackhole rule in the firewall for this IP, but it was not working. I then read further that if I am using NAT with auto firewall rules, this is a problem because NAT firewall rules are placed at a higher priority and will allow it.

So, I disabled the auto firewall rule and created my own firewall rule; however, it is blocking all web traffic.

The firewall rules look like this.

The first rule is the drop of the offending IP address:
source ip --> any --> external ip address (additional interface)

The second rule looks like this:
any --> websurfing --> external ip address (additional interface)

I don't know what the issue is. Do I somehow have to allow return traffic?

