  1. #1
    Untanglit
    Join Date
    Dec 2020
    Posts
    17

    Block ICMP to VLAN's default gateways

    Hi,

    I have a few 'untrusted' VLANs, such as a guest WiFi network, that I wish to prevent access to other 'trusted' networks. Using
    • Network > Advanced > Access Rules
    • Network > Filter Rules
    • Administration > Admin > Restrict Administration Subnet(s),

    I have managed to block HTTPS traffic to the admin portal and ICMP to other devices; however, I am still unable to block ICMP to the Untangle VLAN's default gateways, i.e. when connected to the guest WiFi, I can ping each VLAN's default gateway.

    My access rule and Filter rule look like:

    Source Interface =>"Guest WiFi VLAN"
    Destination Interface => "Any Non-WAN"


    I've read a few posts where people have set:
    Source Interface => "Any Non-WAN"
    Destination Interface => "Any Non-WAN"

    But, to me, this will lock me out.

    I've given it several hours and rebooted, but I am still able to ping, so I don't believe it's a session issue.

    Any suggestions will be gratefully received.

    T.I.A

  2. #2
    Untangler
    Join Date
    Jan 2019
    Posts
    90

    Traffic to UT is handled using Network > Advanced > Access Rules (as you mentioned).

    You need to add a rule that "blocks" ICMP.

    There is a default rule that allows ICMP. Make sure you put yours at the top, as the rules are evaluated top to bottom.

  3. #3
    Untanglit
    Join Date
    Dec 2020
    Posts
    17

    Thanks LaurantR, I forgot to mention that these rules are right at the top.

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,414

    Welcome to Linux...

    The Kernel doesn't care what IP is on the platform, they're all the same. Your access rules will never prevent ping, unless you block it entirely. The rules you've posted are plenty to prevent access to things beyond Untangle. But, you'll always be able to ping all IP addresses on Untangle, if you can ping any of them.

    Because again... Linux.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
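
The all-or-nothing behaviour described in post #4, as an added example that is not part of the original thread and is not Untangle's code: a simplified model of how Linux hands a packet addressed to any of the box's own IPs to the input rules, while only forwarded traffic is checked against a destination interface. The interface names, addresses and rule format are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): interface -> (firewall address, subnet).
IFACES = {
    "lan":   ("192.168.1.1",  "192.168.1.0/24"),
    "guest": ("192.168.50.1", "192.168.50.0/24"),
    "iot":   ("192.168.60.1", "192.168.60.0/24"),
}
LOCAL = {addr for addr, _ in IFACES.values()}

def out_interface(dst):
    """Pick the egress interface for a forwarded packet; unknown nets go to WAN."""
    ip = ipaddress.ip_address(dst)
    for name, (_, net) in IFACES.items():
        if ip in ipaddress.ip_network(net):
            return name
    return "wan"

def first_match(rules, pkt, default):
    """Top-to-bottom evaluation: the first rule whose conditions all match wins."""
    for conditions, action in rules:
        if all(pkt.get(k) == v for k, v in conditions.items()):
            return action
    return default

def verdict(pkt, input_rules, forward_rules):
    # Any address the box owns is delivered locally, whatever interface the
    # packet arrived on, so only the input rules ever see it.
    if pkt["dst"] in LOCAL:
        return first_match(input_rules, pkt, "DROP")
    fwd = dict(pkt, non_wan=out_interface(pkt["dst"]) != "wan")
    return first_match(forward_rules, fwd, "ACCEPT")

def ping_from_guest(dst, input_rules, forward_rules):
    pkt = {"in_if": "guest", "proto": "icmp", "dst": dst}
    return verdict(pkt, input_rules, forward_rules)

# Forward-path rule modelled on the thread: Source = guest, Destination = any non-WAN.
FORWARD = [({"in_if": "guest", "non_wan": True}, "DROP")]
# Input rules: a default "allow ICMP" alone, then with a guest block placed above it.
INPUT_DEFAULT = [({"proto": "icmp"}, "ACCEPT")]
INPUT_HARDENED = [({"in_if": "guest", "proto": "icmp"}, "DROP")] + INPUT_DEFAULT

if __name__ == "__main__":
    for dst in ("192.168.1.10", "192.168.1.1", "192.168.60.1", "192.168.50.1"):
        print(dst, ping_from_guest(dst, INPUT_DEFAULT, FORWARD),
              ping_from_guest(dst, INPUT_HARDENED, FORWARD))
```

In this model the guest block on the input path also stops pings to the guest VLAN's own gateway, which is the trade-off the reply describes.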
