Hello,

I'm trying to use Packet Filter (advanced mode) to create a blacklist (for all protocols) but it seems only the first rule is working.

I created 3 rules like this:
-Enabled
-Action = drop
-Source Adress = public IP adress to blacklist

When I check logs, only the first rule is applied, the two others rules are not applied. Why ?

Nobody have this behavior ?

What log are you looking at. The Packet Filter doesn't log anything.

You really should be using the firewall module for that. It is much cleaner and more flexible.

I'm looking on my servers logs behind UT. I blocked some IP with Packet Filter but I see attempts in my servers logs.

Yes, I thought to use Firewall module but I have many rules for servers and I don't want to mix blacklist and servers rules. Its more clear to manage blacklist rules from Packet Filter.

Nobody seems to use Packet Filter? I'm sure I'm doing something false but what?

No I use the packet filter regularly, it has different functions than the firewall and half of learning UT is knowing when to use one over the other.

So just a clear troubleshoot...

You said you have a packet filter rule that is simply.

-Enabled
-Action = drop
-Source Address = public IP address to blacklist

This rule will prevent any access from the IP listed in Source Address to your UT system. You may need to insert the destined local rule as well.

If you are trying to stop access from your network to that address you need to change that Source Address to Destination Address.

Yes, I want to prevent any acces from a list of IPs to my network.
Now, I added "Destined local" parameter for each rule. I'm waiting results.

But you know if I change order of rules in the list, then the first rule in the list is working.
The only difference between rules are the Source Address parameter and the order of course.

Thanks you to take time for me.

I have results: rule is not applied when I add "Destined local" parameter.