10-01-2018 05:31 AM - edited 02-21-2020 08:18 AM
Hi everyone,
Our firewall is currently on code 8.2. I want to know how to block a specific website using MPF and dropping the DNS query.
I am able to block it for the whole inside network but not for a specific IP address or group of IPs.
Here is the code I am using.
name 192.168.66.25 dummy-user
access-list dummy-user-rl extended permit ip any host dummy-user
access-list dummy-user-rl extended permit ip host dummy-user any
global (outside) 17 201.xxx.yyy.zzz
nat (inside) 17 dummy-user 255.255.255.255
!
regex domain_netflix.com "\.netflix\.com"
!
class-map dummy-user-rl
 match access-list dummy-user-rl
!
class-map type inspect dns match-all cm-dbl
 description Blocked Domains
 match domain-name regex domain_netflix.com
!
policy-map type inspect dns dns-inspect-pm
 parameters
  message-length maximum 512
 match domain-name regex domain_netflix.com
 class cm-dbl
  drop log
!
policy-map global_policy
 class dummy-user-rl
  police input 4000000 12375
  police output 4000000 12375
  inspect dns dns-inspect-pm
!
service-policy global_policy global
10-01-2018 06:49 AM
So you are looking to block this URL only for a specific IP, is this correct?
If so, please refer to the document below; it should help you resolve this.
10-02-2018 05:24 AM
The link you shared is about OS version >=8.3. I am using version 8.2.
10-02-2018 08:14 AM
Try the following:
regex block-netflix.com "netflix\.com"
class-map type regex match-any DOMAIN-BLOCK
 match regex block-netflix.com
policy-map type inspect dns dns-inspect-pm
 match domain-name regex class DOMAIN-BLOCK
  drop-connection log
policy-map global_policy
 class dummy-user-rl
  police input 4000000 12375
  police output 4000000 12375
  inspect dns dns-inspect-pm
service-policy global_policy global
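The two replies in this thread differ in the regex they use for the DNS inspection match ("\.netflix\.com" in the original post versus "netflix\.com" in the suggested fix), and that difference changes which query names get dropped. The following is an added example, not part of the thread or of Cisco's own tooling, that runs both patterns over a small constructed list of query names so the scope of each can be checked before the policy is applied. It assumes that the ASA's match domain-name regex behaves like an unanchored search over the queried name (the same as Python's re.search); the sample names and the tighter anchored pattern are constructed for illustration.

```python
import re

# Constructed sample of DNS query names as DNS inspection might see them.
# Assumption: "match domain-name regex" on the ASA is an unanchored search
# over the queried name, which re.search models here.
SAMPLE_QUERIES = [
    "netflix.com",
    "www.netflix.com",
    "api-global.netflix.com",
    "netflix.com.evil.example",   # constructed look-alike, not a real host
    "notnetflix.com",             # constructed look-alike, not a real host
    "example.com",
]

# The two patterns from the thread: the original post's and the reply's.
PATTERNS = {
    "op": r"\.netflix\.com",     # requires a dot before "netflix.com"
    "reply": r"netflix\.com",    # any occurrence of "netflix.com"
}


def matches(pattern: str, name: str) -> bool:
    """Return True if the regex would fire on this query name."""
    return re.search(pattern, name) is not None


def blocked_queries(pattern: str, names=SAMPLE_QUERIES) -> list:
    """Query names the DNS inspect policy would drop under this regex."""
    return [n for n in names if matches(pattern, n)]


def anchored_domain_pattern(domain: str) -> str:
    """A tighter (constructed) pattern: the apex domain or any subdomain of
    it, but not look-alike names that merely contain the string."""
    return r"(^|\.)" + re.escape(domain) + r"$"


if __name__ == "__main__":
    for label, pat in PATTERNS.items():
        print(f"{label:8} {pat:20} -> {blocked_queries(pat)}")
    tight = anchored_domain_pattern("netflix.com")
    print(f"{'anchored':8} {tight:20} -> {blocked_queries(tight)}")
```

Run it and the original post's pattern drops only subdomain queries (www.netflix.com, api-global.netflix.com) and lets a bare netflix.com query through; the reply's pattern catches the bare name as well, but also fires on any name that merely contains the string, such as the constructed notnetflix.com. The anchored pattern matches the apex and its subdomains only. Anchors, grouping and alternation exist in the ASA regex syntax, but check the exact pattern on the box itself with the test regex command before relying on it, since the ASA's regex engine is not Python's.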