Firewall not working? Or operator error...

[scoffer]

I'm trying to tighten up security and have been having issues implementing firewall rules.
Ideally, I would like to block all ports by default, except those that I create exceptions for. I have tried doing so already, but have had no luck. Right now, I'm letting everything pass and trying to write Block rules for testing (users get mad when they don't email/web/etc.).

Here is what's set up now. Default action is pass.
Enabled - Block - Log - TCP&UDP - any - any -any -any -80 - 80

Web traffic still passes...? I've tried turning off all of the other apps in the rack as well, just to see if there was some sort of conflict.

Running UT5.4 in bride/gateway mode.

Any suggestions?

[proactivens]

I think your firewall rules may be too vague to be effective. Try this
Enabled - block - log - tcp - external - internal - any - any - any - 80
Enabled - block - log - tcp - internal - external - any - any - any - 80

[scoffer]

Yeah, I tried doing that before with no success. Just tried again, same results.

[wtangle]

You need to allow DNS (port 53) and the ports you use for email.

[RoSic]

When you blocked all by default, what kind of rule did you have on the firewall?
Mine is set up to block all and I have one rule that lets all traffic that initiates inside out.
This lets the users get their webmail etc. etc. and I let the other applications handle everything else. So far it works very well for me.

[dmorris]

Can you post a screenshot of your rule?

make sure source port is "any" not 80