Jump to content

FireWall rule not working

LDCC
 Share Followers 2
Go to solution Solved by LDCC,

Recommended Posts

LDCC

LDCC 0

Posted
Posted

I want block some Ip of website:line.me  (203.104.153.129, 147.92.249.2, 203.104.153.1, 203.104.150.2, 203.104.138.138, 203.104.153.91)

1 Make Zone

1918134062_nh.png.be088d8dd13cc5f8ce3810376b114b3a.png

2 .Make rule

1431802471_nh.thumb.png.b6137904157441eb7b630ae27bbdc7bc.png

1163499038_nh.png.9217a643475b172a5ce24b402fe5717d.png

3 Check

287809404_nh.png.aab26f97e568705576423bd4e230d810.png

Nothing's happend? Pls help me!

 

 

Link to post
Share on other sites
  • Administrators
Marcos

Marcos 3,591

Posted
  • Administrators
Posted

I overlooked that you didn't ping the server, or at least there was no such screen shot. Are you able to ping it?

What you did is that you performed a DNS lookup but DNS communication with Google DNS servers was not blocked by the rule.

Link to post
Share on other sites
LDCC

LDCC 0

Posted
  • Author
Posted (edited)
2 minutes ago, Marcos said:

I overlooked that you didn't ping the server, or at least there was no such screen shot. Are you able to ping it?

this server block ping! but the website can access! can you test for me! I test DNS show that correct Block-IP, 

Edited by LDCC
Link to post
Share on other sites
Enrico

Enrico 0

Posted
Posted

That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add

01.png.69f6f5226f59bf3bc3e38bf43507147f.png

02.png.ac88c55e0930030f9b3a93869b33346f.png

Note that the IP's can change from time to time, so it's better to block domains, subdomains or even scripts with web access protection - url address management ( *line.me* ).

 

Link to post
Share on other sites
itman

itman 936

Posted
Posted (edited)
3 hours ago, Enrico said:

That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add

Actually, the rule created by the OP is OK.

Rather than specifying individual IP addresses in the rule's remote IP address section, he created a new zone and added the IP addresses there. He then specified that zone in the rule's remote section.

If specifying individual IP addresses in the rule's remote IP address section works, then there is a bug in Eset's zone processing in a firewall rule.

Edited by itman
Link to post
Share on other sites
itman

itman 936

Posted
Posted (edited)

Looks like the only way to block all line.me connections is to add less the quote marks, "line.me*" or "*line.me* as previously posted, to Eset Web access protection URL address management block list.

Edited by itman
Link to post
Share on other sites
LDCC

LDCC 0

Posted
  • Author
Posted
14 hours ago, Enrico said:

That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add

01.png.69f6f5226f59bf3bc3e38bf43507147f.png

02.png.ac88c55e0930030f9b3a93869b33346f.png

Note that the IP's can change from time to time, so it's better to block domains, subdomains or even scripts with web access protection - url address management ( *line.me* ).

 

The first time I did like that but nothing done, and then a change to make Zone show it's still stuck there.

Link to post
Share on other sites
LDCC

LDCC 0

Posted
  • Author
Posted
9 hours ago, itman said:

Looks like the only way to block all line.me connections is to add less the quote marks, "line.me*" or "*line.me* as previously posted, to Eset Web access protection URL address management block list.

Yes! The Website cannot access but APP is still working.

Link to post
Share on other sites
Enrico

Enrico 0

Posted
Posted

@itman : if I create a new zone with some IP ranges (goog), then create a deny rule for Firefox, the firewall behaves correctly.

test1.png.36a3f47a0872eaf8812db750313806fd.png

test2.thumb.png.4acf20dfc56caa9e076889ac6eb3c2f0.png

So we have two options: something's wrong in the op rule or something was fixed with the last module update.

Link to post
Share on other sites
  • 2 weeks later...
  • Solution
LDCC

LDCC 0

Posted
  • Author
  • Solution
Posted

I'm just done it. see those Pic

582649910_nh.thumb.png.04ae4bdf5b7a8ffa72a89f2932037c44.png

525492897_nh.thumb.png.b02f490d8c234b79e5715ff63aecb3db.png

1984053939_nh.thumb.png.9c81fcb35413caae88462f8a2bdd3f34.png

Block IP

147.92.165.66,
147.92.165.65,
147.92.249.2,
147.92.165.238,
147.92.165.206,
147.92.165.194,
147.92.165.28,
203.104.138.138,
203.104.160.12,
203.104.160.11,
203.104.142.52,
203.104.142.91,
203.104.150.2,
203.104.153.1,
203.104.153.91,
203.104.150.129,
42.119.184.196,
42.119.185.81,
125.209.222.202,
125.209.222.17,
125.209.222.18,
125.209.222.59

Block Web.

*line*.me*
*zalo*.*
*line-scdn.*
*akamaiedge*.*
*line.naver.*
*line-apps.*
*linecorp*.*
*line.me

This result:

738276099_nh.thumb.png.4ff79c0d7f2c7731cffd12f7b0b47133.png

 

Link to post
Share on other sites
Enrico

Enrico 0

Posted
Posted (edited)

Akamaiedge is a CDN used by multiple websites and programs, blocking that global domain can cause issues, it's better to block only some of the subdomains used for analytics or tracking (like *g.akamaiedge.*).

You can use Wireshark with the filter "dns" to log all the connection requests made by the app.

Edited by Enrico
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 2
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...