Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 3 subscribers
  • Views 4741 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Ip all ports

Albert.Pamu
Hi all,

I've just started to learn how to use the UTM.

I cannot to block an IP address to access Internet when I inserted a new rule in the Firewall.

Sources: PC
Services:Any
Destinations:Internet
Action: Deny

I could insert a rule with iptables if I connect with ssh.

iptables -A INPUT -s IP-ADDRESS -j DROP

Can I create my firewall rule?

I don't want to do this with proxy or AD.

Thanks!

P.D.: Model ASG120 - v9.313-3


This thread was automatically locked due to age.
Parents
  • 0
    Can I create my firewall rule?
    Not really.  It will almost instantly be overwritten by the system.  

    I don't want to do this with proxy
    In the UTM, proxies create their own firewall rules that have precedence over any manually created rules, which is why your firewall rule won't block browsing.  If you are using the proxy in transparent mode, you can add a host definition for the client to the transparent proxy skiplist, then your firewall rule will work.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Reply
  • 0
    Can I create my firewall rule?
    Not really.  It will almost instantly be overwritten by the system.  

    I don't want to do this with proxy
    In the UTM, proxies create their own firewall rules that have precedence over any manually created rules, which is why your firewall rule won't block browsing.  If you are using the proxy in transparent mode, you can add a host definition for the client to the transparent proxy skiplist, then your firewall rule will work.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Children
Unfiltered HTML