  1. #1
    Newbie
    Join Date
    Mar 2019
    Posts
    2

    IPS blocking port 53 comms, with bypass on

    Hey hey.

    I run an automated program to check for updates to my dynamic IP address. Then it feeds it to my Cloudflare for an update. It communicates to the same external IP address from the same internal IP address over port 53.

    I run Intrusion Prevention and it blocks this automated program due to: policy-violation - ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup)

    No big deal, I open up bypass rules and allow internal DNS to external (built in DNS rule). No change, still blocked. I individually add the internal IP, external IP, and port number and am still blocked.

    Questions I have:
    - Does bypass only work with the firewall and not the IPS?
    - Is there a way to ignore this and/or allow the traffic to pass through the IPS?

    This is not detrimental to anything, but would be interesting to find out how to properly bypass IPS, since those policies are hard coded into Untangle and cannot be manipulated. Might be a pertinent task in the future for other issues.

  2. #2
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,726

    Bypass works, but not on the first packet, as it is run pre-routing, before routing and bypass rules are evaluated.

    On the upcoming 14.2 (currently in beta, to be released in the future) you can run IPS post-routing and bypass will work as you expect, but it will only see traffic that actually passes.
    Also on 14.2 you can whitelist certain subnets.

  3. #3
    Newbie
    Join Date
    Mar 2019
    Posts
    2

    Thanks for the information. I started to go down a rabbit hole on why it was not working.... I assumed the IPS did its pre-checks, just was not sure if bypass was expected to clear the IPS also. Looking forward to the whitelisting update.

  4. #4
    Master Untangler
    Join Date
    Oct 2017
    Posts
    100

    Same issue here with OpenDNS IP updater. Put in an IPS bypass rule but it didn’t help. I tagged the rule with the SID that was blocking the update.
