Want to block all ports except 80 and 443

[ellocomoco]

I have a policy (see attachment) blocking port 0-79, 81-442, and 444-65535. It works great on blocking, but it is time consuming try to open another port the way I made this policy. Can someone advise me on an easier solution?

[fslomka]

That is very simple use the "Firewall App" and set "Default Action" to Block

All you have to do then is to set "Pass Rules"

[sky-knight]

That default action is going away in the future.

The Firewall module blocks or passes things on a first rule match wins ideology.

So make a general block rule that blocks everything, and just make sure your pass rules are above it. You don't need to fit everything into a single firewall rule.

[dmorris]

Quote:

Originally Posted by ellocomoco

I have a policy (see attachment) blocking port 0-79, 81-442, and 444-65535. It works great on blocking, but it is time consuming try to open another port the way I made this policy. Can someone advise me on an easier solution?

That rule won't work unless you set source port to "any"

[ellocomoco]

sky-knight,

I tried your idea and I am having trouble with it. It seems to still pass all traffic. Please see my attachments and let me know what I am doing wrong.

[dmorris]

Quote:

Originally Posted by dmorris

That rule won't work unless you set source port to "any"

If it helps, just assume that a rule with "source port" is set to anything besides ANY is effectively disabled.

edit:
and you probably want to allow DNS traffic unless they are using the untangle server itself for DNS.