This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP Proxy overriding Packet Filter

Hi,

We are using ASL v5.200. I have defined several CIDR networks in the network definitions. I then created 2 packet filter rules to drop the packets if source, and another if destination match network definition. When I am not using the HTTP Proxy, my rules are working properly. However, when I am on the HTTP proxy, the packet filter rules are ignored and I am able to get to any address I had defined in the network definition. I wish to block a wide range of problem networks, on all ports.

I should not have to create a URL blacklist for these addresses. I think the packet filter rules should have higher priority than the HTTP proxy.

Why does the HTTP proxy ignore packet filter rules?

Any help you can provide would be greatly appreciated.

Thank you,

Alan

This thread was automatically locked due to age.

Parents

0 cyclops over 20 years ago

Have a look at the packet filters -> WebAdmin/Packet Filter/Advanced. You'll see that Astaro has different chains for automatic packet filters which are set to guarantee feature's functionality and the usr filters which are set always below the auto filters, means auto filters match first. You have no chance to override Astaro's auto filters by setting own rules.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 cyclops over 20 years ago

Have a look at the packet filters -> WebAdmin/Packet Filter/Advanced. You'll see that Astaro has different chains for automatic packet filters which are set to guarantee feature's functionality and the usr filters which are set always below the auto filters, means auto filters match first. You have no chance to override Astaro's auto filters by setting own rules.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data