  1. #1
    Newbie
    Join Date
    Oct 2017
    Posts
    2

    Block access to IP

    I have been trying to block outbound access to a specific IP from inside the network. I only have this one rule enabled in my rules and it is my first rule in the list. The rule is as follows:

    Enabled
    Destination IP: IP/255.255.255.255
    Destination Interface: External
    Source Interface: Internal
    Action: Block
    Flag

    I am still able to ping out to the IP I have defined. Do I need more info in my rule? I have looked at the example rules and looked at the Untangle Rule documentation and I think I have that set up right but obviously am missing something. Thank you for any guidance.

  2. #2
    Master Untangler
    Join Date
    May 2012
    Posts
    107

    Try changing the Destination IP to use only the IP, without the CIDR notation. If that doesn't work, try changing the Source Interface to Any Non-WAN.

  3. #3
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,373

    Originally posted by gomer23:
    > Do I need more info in my rule?

    Possibly the opposite. In my experience, many problems in rules result from trying to be too specific, and removing info from the rule will help solve the problem.

    In this case, the Source and Destination interface specifiers aren't really necessary (well... the Internal might be if you have multiple network segments or VLANs broken up by interface on your Untangle machine, but that's less common). Also, the /255.255.255.255 isn't really necessary.

    Remove those things, get this down to the simplest version of the rule you can safely, and go from there.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 8GB with Untangle 12.2 to protect 200Mbits for ~400 residential college students and associated staff and faculty

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,643

    Originally posted by gomer23:
    > I have been trying to block outbound access to a specific IP from inside the network. I only have this one rule enabled in my rules and it is my first rule in the list. The rule is as follows:
    >
    > Enabled
    > Destination IP: IP/255.255.255.255
    > Destination Interface: External
    > Source Interface: Internal
    > Action: Block
    > Flag
    >
    > I am still able to ping out to the IP I have defined. Do I need more info in my rule? I have looked at the example rules and looked at the Untangle Rule documentation and I think I have that set up right but obviously am missing something. Thank you for any guidance.

    Sounds like your rule is working as intended. You're creating a firewall rule in a firewall that only ever sees TCP or UDP packets and attempting to test it with ICMP. The Firewall cannot restrict ICMP, because the rack simply doesn't process it. If you need to control ICMP, you need the filter. What's running on that IP address? A web service? Try accessing it, you'll find it's not working.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Newbie
    Join Date
    Oct 2017
    Posts
    2

    Originally posted by jcoehoorn:
    > Possibly the opposite. In my experience, many problems in rules result from trying to be too specific, and removing info from the rule will help solve the problem.
    >
    > In this case, the Source and Destination interface specifiers aren't really necessary (well... the Internal might be if you have multiple network segments or VLANs broken up by interface on your Untangle machine, but that's less common). Also, the /255.255.255.255 isn't really necessary.
    >
    > Remove those things, get this down to the simplest version of the rule you can safely, and go from there.

    I should have put more detail. My first iteration of this was just the destination IP without the CIDR notation. From there I kept adding or taking away items.

    sky-knight, that makes total sense now. You are right, from a browser it is being blocked. Now out of curiosity, you said I would need to use a filter to block ICMP since the firewall app doesn't process ICMP. Where would I need to apply that at? Thanks for the replies.

  6. #6
    Master Untangler
    Join Date
    May 2010
    Posts
    416

    Config -> Network -> Filter Rules

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,643

    Jason beat me to it, the filter is configuring IPTables on the Untangle server. It can handle any protocol, and it can even block access to/from the Untangle server itself. Careful! It's advanced for a reason!

    Oh, it's config -> network -> advanced -> filter rules

    Forward rules are for traffic going through the Untangle server, probably what you want.
    Input rules are for traffic going to the Untangle server, probably how you make your day really hard.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
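
A simplified model of the two layers discussed in posts #4 and #7, added here as an illustration; it is not Untangle code and not written by any poster in this thread. The class names, the addresses (203.0.113.10 as the blocked host, 192.0.2.1 as the appliance), the block-only rules and the evaluation order are assumptions.

```python
import ipaddress
from dataclasses import dataclass

APPLIANCE_IP = "192.0.2.1"   # constructed: address of the Untangle box itself
TARGET_IP = "203.0.113.10"   # constructed: the host the rule should block

@dataclass
class Packet:
    proto: str               # "tcp", "udp" or "icmp"
    dst: str

@dataclass
class Rule:                  # every rule in this model is a block rule
    dst: str                 # bare IP, IP/prefix or IP/netmask
    proto: str = "any"

    def matches(self, pkt: Packet) -> bool:
        # "IP", "IP/32" and "IP/255.255.255.255" all parse to the same /32.
        net = ipaddress.ip_network(self.dst, strict=False)
        return ipaddress.ip_address(pkt.dst) in net and self.proto in ("any", pkt.proto)

def blocked_by(rules, pkt):
    return any(r.matches(pkt) for r in rules)

def verdict(pkt, firewall_app, filter_rules, access_rules):
    """Return (decision, deciding layer) for one packet in this simplified model."""
    # iptables layer: sees every protocol. Traffic addressed to the appliance
    # hits the input/access rules; traffic routed through it hits forward/filter.
    to_box = pkt.dst == APPLIANCE_IP
    if blocked_by(access_rules if to_box else filter_rules, pkt):
        return "block", ("access" if to_box else "filter")
    # Firewall app: per the thread it only ever sees TCP and UDP.
    if pkt.proto in ("tcp", "udp") and blocked_by(firewall_app, pkt):
        return "block", "firewall-app"
    return "pass", None

if __name__ == "__main__":
    fw_app = [Rule(TARGET_IP + "/255.255.255.255")]   # the rule from post #1
    for proto in ("icmp", "tcp"):
        print(proto, verdict(Packet(proto, TARGET_IP), fw_app, [], []))
    # Adding a forward/filter rule is what stops the ping.
    print("icmp", verdict(Packet("icmp", TARGET_IP), fw_app, [Rule(TARGET_IP, "icmp")], []))
```

Testing a block rule with the protocol the rule layer actually handles (a TCP connection for the Firewall app, a ping only after a filter rule exists) avoids the false "rule not working" result seen in post #1.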

  8. #8
    Master Untangler
    Join Date
    May 2010
    Posts
    416

    Originally posted by sky-knight:
    > Jason beat me to it, the filter is configuring IPTables on the Untangle server. It can handle any protocol, and it can even block access to/from the Untangle server itself. Careful! It's advanced for a reason!
    >
    > Oh, it's config -> network -> advanced -> filter rules
    >
    > Forward rules are for traffic going through the Untangle server, probably what you want.
    > Input rules are for traffic going to the Untangle server, probably how you make your day really hard.

    Location depends if you are on 13.0 or 13.1, doesn't it? The path I listed should be correct for 13.1 (unless I made a mistake)?

    In 13.1 -
    Forward Rules (now Filter Rules) are at Config -> Network -> Filter Rules
    Input Rules (now Access Rules) are at Config -> Network -> Advanced -> Access Rules

    Last edited by JasonJoel; 10-11-2017 at 01:00 PM.

  9. #9
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    6,075

    Originally posted by JasonJoel:
    > Location depends if you are on 13.0 or 13.1, doesn't it?

    Correct. v13.1 has changed the location.

    Config -> Filter rules are traffic control through the Untangle

    Config -> Advanced -> Access rules are traffic control to the Untangle
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  10. #10
    Master Untangler
    Join Date
    May 2010
    Posts
    416

    Not to thread hijack, but I still wish you could do FILTER RULES and FIREWALL RULES in the same place, instead of 2 different places. I think that is more natural and understandable.
