Jump to content

FireWall rule not working


Go to solution Solved by LDCC,

Recommended Posts

I want block some Ip of website:line.me  (203.104.153.129, 147.92.249.2, 203.104.153.1, 203.104.150.2, 203.104.138.138, 203.104.153.91)

1 Make Zone

1918134062_nh.png.be088d8dd13cc5f8ce3810376b114b3a.png

2 .Make rule

1431802471_nh.thumb.png.b6137904157441eb7b630ae27bbdc7bc.png

1163499038_nh.png.9217a643475b172a5ce24b402fe5717d.png

3 Check

287809404_nh.png.aab26f97e568705576423bd4e230d810.png

Nothing's happend? Pls help me!

 

 

Link to comment
Share on other sites

1 minute ago, Marcos said:

Try moving the rule on the very top after toggling the display of default rules.

818593216_nh.png.d785bbbad89872594ee4b8b8c982dd7c.png

its move already! But the same result

 

Link to comment
Share on other sites

  • Administrators

I overlooked that you didn't ping the server, or at least there was no such screen shot. Are you able to ping it?

What you did is that you performed a DNS lookup but DNS communication with Google DNS servers was not blocked by the rule.

Link to comment
Share on other sites

2 minutes ago, Marcos said:

I overlooked that you didn't ping the server, or at least there was no such screen shot. Are you able to ping it?

this server block ping! but the website can access! can you test for me! I test DNS show that correct Block-IP, 

Edited by LDCC
Link to comment
Share on other sites

That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add

01.png.69f6f5226f59bf3bc3e38bf43507147f.png

02.png.ac88c55e0930030f9b3a93869b33346f.png

Note that the IP's can change from time to time, so it's better to block domains, subdomains or even scripts with web access protection - url address management ( *line.me* ).

 

Link to comment
Share on other sites

3 hours ago, Enrico said:

That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add

Actually, the rule created by the OP is OK.

Rather than specifying individual IP addresses in the rule's remote IP address section, he created a new zone and added the IP addresses there. He then specified that zone in the rule's remote section.

If specifying individual IP addresses in the rule's remote IP address section works, then there is a bug in Eset's zone processing in a firewall rule.

Edited by itman
Link to comment
Share on other sites

Looks like the only way to block all line.me connections is to add less the quote marks, "line.me*" or "*line.me* as previously posted, to Eset Web access protection URL address management block list.

Edited by itman
Link to comment
Share on other sites

14 hours ago, Enrico said:

That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add

01.png.69f6f5226f59bf3bc3e38bf43507147f.png

02.png.ac88c55e0930030f9b3a93869b33346f.png

Note that the IP's can change from time to time, so it's better to block domains, subdomains or even scripts with web access protection - url address management ( *line.me* ).

 

The first time I did like that but nothing done, and then a change to make Zone show it's still stuck there.

Link to comment
Share on other sites

9 hours ago, itman said:

Looks like the only way to block all line.me connections is to add less the quote marks, "line.me*" or "*line.me* as previously posted, to Eset Web access protection URL address management block list.

Yes! The Website cannot access but APP is still working.

Link to comment
Share on other sites

@itman : if I create a new zone with some IP ranges (goog), then create a deny rule for Firefox, the firewall behaves correctly.

test1.png.36a3f47a0872eaf8812db750313806fd.png

test2.thumb.png.4acf20dfc56caa9e076889ac6eb3c2f0.png

So we have two options: something's wrong in the op rule or something was fixed with the last module update.

Link to comment
Share on other sites

  • 2 weeks later...
  • Solution

I'm just done it. see those Pic

582649910_nh.thumb.png.04ae4bdf5b7a8ffa72a89f2932037c44.png

525492897_nh.thumb.png.b02f490d8c234b79e5715ff63aecb3db.png

1984053939_nh.thumb.png.9c81fcb35413caae88462f8a2bdd3f34.png

Block IP

147.92.165.66,
147.92.165.65,
147.92.249.2,
147.92.165.238,
147.92.165.206,
147.92.165.194,
147.92.165.28,
203.104.138.138,
203.104.160.12,
203.104.160.11,
203.104.142.52,
203.104.142.91,
203.104.150.2,
203.104.153.1,
203.104.153.91,
203.104.150.129,
42.119.184.196,
42.119.185.81,
125.209.222.202,
125.209.222.17,
125.209.222.18,
125.209.222.59

Block Web.

*line*.me*
*zalo*.*
*line-scdn.*
*akamaiedge*.*
*line.naver.*
*line-apps.*
*linecorp*.*
*line.me

This result:

738276099_nh.thumb.png.4ff79c0d7f2c7731cffd12f7b0b47133.png

 

Link to comment
Share on other sites

Akamaiedge is a CDN used by multiple websites and programs, blocking that global domain can cause issues, it's better to block only some of the subdomains used for analytics or tracking (like *g.akamaiedge.*).

You can use Wireshark with the filter "dns" to log all the connection requests made by the app.

Edited by Enrico
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...