08-08-2011 03:05 PM - edited 03-04-2019 01:13 PM
I want to deny all web traffic for certain IP addresses except to some allowed web sites.
Can I set up the following firewall rules on the RV220W?
1. From Zone: LAN
To Zone: WAN
Service: HTTP
Action: Always Block
Source: 192.168.1.10 - 192.168.1.30
Destination: Any
2. From Zone: LAN
To Zone: WAN
Service: HTTP
Action: Always Allow
Source: 192.168.1.10 - 192.168.1.30
Destination: x.x.x.x (Allow IP address)
The rules above will block the allowed web site. May I know why? Are there any other ways?
08-08-2011 11:56 PM
Hi,
You should change the order of the rules with the more specific ones first because the rules are parsed sequentially and once a match is encountered the parsing ends.
Regards.
Alain.
08-09-2011 09:44 AM
Hi Alain,
Thanks for your suggestion. I did try to change the order of the firewall rules, but I'm still blocked from accessing the allowed web site. Just to give you extra information, there is no way to change the order of the firewall rules. I have to delete the rule and re-create it. I just don't get why the access rule order is not working.
Moses
08-11-2011 10:45 AM
In the upcoming firmware there is a flawed solution for this.
You may page the rules in pages of 10 rules, but it is only possible to move a rule within a page, not between pages.
You specify a destination rule number and click a Move button.
How difficult is it to move the rule to the destination entry in the array and refresh the display?
I'll leave it to the reader to judge the quality of this kind of programming!
08-11-2011 12:42 PM
Hi,
If you changed the order and it is still not working, then maybe the IP address has changed for some reason.
Can you flush the DNS caches of your hosts (if they are Windows clients) with the `ipconfig /flushdns` command?
Then do an nslookup for this URL to verify the address.
Maybe you could filter by URL, or if you haven't got too many machines you could implement the hosts file trick where you map the domain name of the site to 0.0.0.0 or 127.0.0.1 and then make that hosts file read-only.
Regards.
Alain.
08-11-2011 12:48 PM
Hi Alain,
Thanks. I found out the allowed website's IP address had changed, which is why I couldn't set up the rule correctly.
Moses
08-11-2011 01:21 PM
Hi,
You're welcome.
Alain.
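The two causes found in this thread (rule order, then a stale destination IP) can be reproduced with a small first-match model. This is an added example, not part of the original posts and not RV220W code. It assumes the first-match behaviour Alain describes and a default of allow when no rule matches, uses constructed destination addresses from documentation ranges, and does not model the HTTP service field.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # stands for destination "Any"
ip = ipaddress.ip_address

@dataclass
class Rule:
    action: str            # "allow" or "block"
    src_first: str         # start of source range
    src_last: str          # end of source range
    dst: Optional[str]     # one destination IP, or ANY

    def matches(self, src, dst):
        in_src = ip(self.src_first) <= ip(src) <= ip(self.src_last)
        return in_src and (self.dst is ANY or ip(self.dst) == ip(dst))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        src_ok = (ip(self.src_first) <= ip(other.src_first)
                  and ip(other.src_last) <= ip(self.src_last))
        return src_ok and (self.dst is ANY or self.dst == other.dst)

def evaluate(rules, src, dst, default="allow"):
    """First-match evaluation: the first matching rule decides the action."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return default  # assumed default for traffic no rule matches

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(rules)
            if any(e.covers(r) for e in rules[:i])]

# Constructed sample data: the site's address before and after it changed.
SITE_OLD, SITE_NEW = "203.0.113.10", "203.0.113.77"
block_all = Rule("block", "192.168.1.10", "192.168.1.30", ANY)
allow_site = Rule("allow", "192.168.1.10", "192.168.1.30", SITE_OLD)

as_posted = [block_all, allow_site]   # order from the question
reordered = [allow_site, block_all]   # more specific rule first

if __name__ == "__main__":
    host = "192.168.1.20"
    print("as posted :", evaluate(as_posted, host, SITE_OLD), shadowed(as_posted))
    print("reordered :", evaluate(reordered, host, SITE_OLD), shadowed(reordered))
    print("site moved:", evaluate(reordered, host, SITE_NEW))
```

Running `shadowed()` over an exported rule list is a quick audit for allow rules that an earlier, broader block rule makes unreachable.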