LDCC 0 Posted December 15, 2020 Share Posted December 15, 2020 I want block some Ip of website:line.me (203.104.153.129, 147.92.249.2, 203.104.153.1, 203.104.150.2, 203.104.138.138, 203.104.153.91) 1 Make Zone 2 .Make rule 3 Check Nothing's happend? Pls help me! Quote Link to post Share on other sites
Administrators Marcos 3,591 Posted December 15, 2020 Administrators Share Posted December 15, 2020 Try moving the rule on the very top after toggling the display of default rules. Quote Link to post Share on other sites
LDCC 0 Posted December 15, 2020 Author Share Posted December 15, 2020 1 minute ago, Marcos said: Try moving the rule on the very top after toggling the display of default rules. its move already! But the same result Quote Link to post Share on other sites
Administrators Marcos 3,591 Posted December 15, 2020 Administrators Share Posted December 15, 2020 I overlooked that you didn't ping the server, or at least there was no such screen shot. Are you able to ping it? What you did is that you performed a DNS lookup but DNS communication with Google DNS servers was not blocked by the rule. Quote Link to post Share on other sites
LDCC 0 Posted December 15, 2020 Author Share Posted December 15, 2020 I just test on my laptop and Eset protect 8.0 Server (make policy for PC group) it's same! I dont know why? Quote Link to post Share on other sites
LDCC 0 Posted December 15, 2020 Author Share Posted December 15, 2020 (edited) 2 minutes ago, Marcos said: I overlooked that you didn't ping the server, or at least there was no such screen shot. Are you able to ping it? this server block ping! but the website can access! can you test for me! I test DNS show that correct Block-IP, Edited December 15, 2020 by LDCC Quote Link to post Share on other sites
Enrico 0 Posted December 15, 2020 Share Posted December 15, 2020 That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add Note that the IP's can change from time to time, so it's better to block domains, subdomains or even scripts with web access protection - url address management ( *line.me* ). Quote Link to post Share on other sites
itman 936 Posted December 15, 2020 Share Posted December 15, 2020 (edited) 3 hours ago, Enrico said: That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add Actually, the rule created by the OP is OK. Rather than specifying individual IP addresses in the rule's remote IP address section, he created a new zone and added the IP addresses there. He then specified that zone in the rule's remote section. If specifying individual IP addresses in the rule's remote IP address section works, then there is a bug in Eset's zone processing in a firewall rule. Edited December 15, 2020 by itman Quote Link to post Share on other sites
itman 936 Posted December 15, 2020 Share Posted December 15, 2020 (edited) Looks like the only way to block all line.me connections is to add less the quote marks, "line.me*" or "*line.me* as previously posted, to Eset Web access protection URL address management block list. Edited December 15, 2020 by itman Quote Link to post Share on other sites
LDCC 0 Posted December 16, 2020 Author Share Posted December 16, 2020 14 hours ago, Enrico said: That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add Note that the IP's can change from time to time, so it's better to block domains, subdomains or even scripts with web access protection - url address management ( *line.me* ). The first time I did like that but nothing done, and then a change to make Zone show it's still stuck there. Quote Link to post Share on other sites
LDCC 0 Posted December 16, 2020 Author Share Posted December 16, 2020 9 hours ago, itman said: Looks like the only way to block all line.me connections is to add less the quote marks, "line.me*" or "*line.me* as previously posted, to Eset Web access protection URL address management block list. Yes! The Website cannot access but APP is still working. Quote Link to post Share on other sites
itman 936 Posted December 16, 2020 Share Posted December 16, 2020 13 hours ago, LDCC said: but APP is still working. What is APP? Is that a problem? Quote Link to post Share on other sites
Enrico 0 Posted December 17, 2020 Share Posted December 17, 2020 @itman : if I create a new zone with some IP ranges (goog), then create a deny rule for Firefox, the firewall behaves correctly. So we have two options: something's wrong in the op rule or something was fixed with the last module update. Quote Link to post Share on other sites
LDCC 0 Posted December 17, 2020 Author Share Posted December 17, 2020 17 hours ago, itman said: What is APP? Is that a problem? Just Our company want block it! that's all Quote Link to post Share on other sites
Solution LDCC 0 Posted December 29, 2020 Author Solution Share Posted December 29, 2020 I'm just done it. see those Pic Block IP 147.92.165.66, 147.92.165.65, 147.92.249.2, 147.92.165.238, 147.92.165.206, 147.92.165.194, 147.92.165.28, 203.104.138.138, 203.104.160.12, 203.104.160.11, 203.104.142.52, 203.104.142.91, 203.104.150.2, 203.104.153.1, 203.104.153.91, 203.104.150.129, 42.119.184.196, 42.119.185.81, 125.209.222.202, 125.209.222.17, 125.209.222.18, 125.209.222.59 Block Web. *line*.me* *zalo*.* *line-scdn.* *akamaiedge*.* *line.naver.* *line-apps.* *linecorp*.* *line.me This result: Quote Link to post Share on other sites
LDCC 0 Posted December 29, 2020 Author Share Posted December 29, 2020 thank you for all! topic close now. Quote Link to post Share on other sites
Enrico 0 Posted December 29, 2020 Share Posted December 29, 2020 (edited) Akamaiedge is a CDN used by multiple websites and programs, blocking that global domain can cause issues, it's better to block only some of the subdomains used for analytics or tracking (like *g.akamaiedge.*). You can use Wireshark with the filter "dns" to log all the connection requests made by the app. Edited December 29, 2020 by Enrico Quote Link to post Share on other sites
itman 936 Posted December 29, 2020 Share Posted December 29, 2020 Here's a four year old posting on whether akamaiedge should be blocked: https://community.spiceworks.com/topic/1942000-is-it-ok-to-block-akamaiedge-net . The consensus answer is no. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.