LDCC 0 Posted December 15, 2020 Share Posted December 15, 2020 I want block some Ip of website:line.me (203.104.153.129, 147.92.249.2, 203.104.153.1, 203.104.150.2, 203.104.138.138, 203.104.153.91) 1 Make Zone 2 .Make rule 3 Check Nothing's happend? Pls help me! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted December 15, 2020 Administrators Share Posted December 15, 2020 Try moving the rule on the very top after toggling the display of default rules. Link to comment Share on other sites More sharing options...
LDCC 0 Posted December 15, 2020 Author Share Posted December 15, 2020 1 minute ago, Marcos said: Try moving the rule on the very top after toggling the display of default rules. its move already! But the same result Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted December 15, 2020 Administrators Share Posted December 15, 2020 I overlooked that you didn't ping the server, or at least there was no such screen shot. Are you able to ping it? What you did is that you performed a DNS lookup but DNS communication with Google DNS servers was not blocked by the rule. Link to comment Share on other sites More sharing options...
LDCC 0 Posted December 15, 2020 Author Share Posted December 15, 2020 I just test on my laptop and Eset protect 8.0 Server (make policy for PC group) it's same! I dont know why? Link to comment Share on other sites More sharing options...
LDCC 0 Posted December 15, 2020 Author Share Posted December 15, 2020 (edited) 2 minutes ago, Marcos said: I overlooked that you didn't ping the server, or at least there was no such screen shot. Are you able to ping it? this server block ping! but the website can access! can you test for me! I test DNS show that correct Block-IP, Edited December 15, 2020 by LDCC Link to comment Share on other sites More sharing options...
Enrico 3 Posted December 15, 2020 Share Posted December 15, 2020 That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add Note that the IP's can change from time to time, so it's better to block domains, subdomains or even scripts with web access protection - url address management ( *line.me* ). Link to comment Share on other sites More sharing options...
itman 1,751 Posted December 15, 2020 Share Posted December 15, 2020 (edited) 3 hours ago, Enrico said: That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add Actually, the rule created by the OP is OK. Rather than specifying individual IP addresses in the rule's remote IP address section, he created a new zone and added the IP addresses there. He then specified that zone in the rule's remote section. If specifying individual IP addresses in the rule's remote IP address section works, then there is a bug in Eset's zone processing in a firewall rule. Edited December 15, 2020 by itman Link to comment Share on other sites More sharing options...
itman 1,751 Posted December 15, 2020 Share Posted December 15, 2020 (edited) Looks like the only way to block all line.me connections is to add less the quote marks, "line.me*" or "*line.me* as previously posted, to Eset Web access protection URL address management block list. Edited December 15, 2020 by itman Link to comment Share on other sites More sharing options...
LDCC 0 Posted December 16, 2020 Author Share Posted December 16, 2020 14 hours ago, Enrico said: That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add Note that the IP's can change from time to time, so it's better to block domains, subdomains or even scripts with web access protection - url address management ( *line.me* ). The first time I did like that but nothing done, and then a change to make Zone show it's still stuck there. Link to comment Share on other sites More sharing options...
LDCC 0 Posted December 16, 2020 Author Share Posted December 16, 2020 9 hours ago, itman said: Looks like the only way to block all line.me connections is to add less the quote marks, "line.me*" or "*line.me* as previously posted, to Eset Web access protection URL address management block list. Yes! The Website cannot access but APP is still working. Link to comment Share on other sites More sharing options...
itman 1,751 Posted December 16, 2020 Share Posted December 16, 2020 13 hours ago, LDCC said: but APP is still working. What is APP? Is that a problem? Link to comment Share on other sites More sharing options...
Enrico 3 Posted December 17, 2020 Share Posted December 17, 2020 @itman : if I create a new zone with some IP ranges (goog), then create a deny rule for Firefox, the firewall behaves correctly. So we have two options: something's wrong in the op rule or something was fixed with the last module update. Link to comment Share on other sites More sharing options...
LDCC 0 Posted December 17, 2020 Author Share Posted December 17, 2020 17 hours ago, itman said: What is APP? Is that a problem? Just Our company want block it! that's all Link to comment Share on other sites More sharing options...
Solution LDCC 0 Posted December 29, 2020 Author Solution Share Posted December 29, 2020 I'm just done it. see those Pic Block IP 147.92.165.66, 147.92.165.65, 147.92.249.2, 147.92.165.238, 147.92.165.206, 147.92.165.194, 147.92.165.28, 203.104.138.138, 203.104.160.12, 203.104.160.11, 203.104.142.52, 203.104.142.91, 203.104.150.2, 203.104.153.1, 203.104.153.91, 203.104.150.129, 42.119.184.196, 42.119.185.81, 125.209.222.202, 125.209.222.17, 125.209.222.18, 125.209.222.59 Block Web. *line*.me* *zalo*.* *line-scdn.* *akamaiedge*.* *line.naver.* *line-apps.* *linecorp*.* *line.me This result: Link to comment Share on other sites More sharing options...
LDCC 0 Posted December 29, 2020 Author Share Posted December 29, 2020 thank you for all! topic close now. Link to comment Share on other sites More sharing options...
Enrico 3 Posted December 29, 2020 Share Posted December 29, 2020 (edited) Akamaiedge is a CDN used by multiple websites and programs, blocking that global domain can cause issues, it's better to block only some of the subdomains used for analytics or tracking (like *g.akamaiedge.*). You can use Wireshark with the filter "dns" to log all the connection requests made by the app. Edited December 29, 2020 by Enrico Link to comment Share on other sites More sharing options...
itman 1,751 Posted December 29, 2020 Share Posted December 29, 2020 Here's a four year old posting on whether akamaiedge should be blocked: https://community.spiceworks.com/topic/1942000-is-it-ok-to-block-akamaiedge-net . The consensus answer is no. Link to comment Share on other sites More sharing options...
Recommended Posts