OPNsense Forum

English Forums => General Discussion => Topic started by: litk on March 04, 2020, 10:36:02 AM

Title: Block specific IP
Post by: litk on March 04, 2020, 10:36:02 AM
Hi,
Can you explain to me why the host 192.168.10.199 is not blocked from accessing the internet with these firewall rules?
https://ibb.co/09vbfSt
If I check the rule option "Apply the action immediately on match", then all other hosts are blocked from access to the Internet.
Title: Re: Block specific IP
Post by: chemlud on March 04, 2020, 10:58:19 AM
Because you block the complete /24 beginning from 192.168.10.199. But you only want to block /32 (single host).
Title: Re: Block specific IP
Post by: litk on March 04, 2020, 11:06:51 AM
The host 192.168.10.199/32 is not blocked anyway.

Sorry, I forgot to click apply. Works now. Thanks a lot.
Title: Re: Block specific IP
Post by: hbc on March 04, 2020, 12:21:51 PM
The grey flash indicates a lazy rule (last matched). So at least ports 53, 80 and 443 are permitted to this host before your explicit block rules are matched.

If you want to block it, make it a quick rule (first match) and correct the netmask to /32.
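Added example, not part of the thread and not OPNsense code: a small Python model of the two points raised above, the /24 versus /32 source mask and quick (first match) versus lazy (last match) evaluation. The ruleset layout, the second host 192.168.10.50 and the default-deny policy are assumptions made for illustration, since the screenshot is not reproduced here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str          # "pass" or "block"
    src: str             # source in CIDR notation
    port: Optional[int]  # destination port, None means any
    quick: bool          # True: first match wins; False: last match wins

    def matches(self, src_ip: str, dport: int) -> bool:
        # strict=False masks off host bits, so 192.168.10.199/24
        # is evaluated as the whole network 192.168.10.0/24.
        net = ipaddress.ip_network(self.src, strict=False)
        return ipaddress.ip_address(src_ip) in net and self.port in (None, dport)

def evaluate(rules, src_ip, dport, default="block"):
    """Walk the rules top to bottom; a quick match stops evaluation."""
    verdict = default
    for rule in rules:
        if rule.matches(src_ip, dport):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

def lan_ruleset(block_src, block_quick):
    # Constructed ruleset (assumption): block rule on top, then quick
    # pass rules for ports 53, 80 and 443 from the LAN network.
    rules = [Rule("block", block_src, None, block_quick)]
    rules += [Rule("pass", "192.168.10.0/24", p, True) for p in (53, 80, 443)]
    return rules

def https_verdicts(block_src, block_quick):
    """Verdict for the target host and for another LAN host on port 443."""
    rules = lan_ruleset(block_src, block_quick)
    return {ip: evaluate(rules, ip, 443)
            for ip in ("192.168.10.199", "192.168.10.50")}

if __name__ == "__main__":
    for src, quick in (("192.168.10.199/24", False),
                       ("192.168.10.199/24", True),
                       ("192.168.10.199/32", True)):
        print(src, "quick" if quick else "last-match", https_verdicts(src, quick))
```

In this model the lazy /24 block is overridden by the quick pass rules, the quick /24 block cuts off every LAN host, and only the quick /32 block isolates the single host.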
Title: Re: Block specific IP
Post by: litk on March 05, 2020, 08:07:06 AM
Hey, I have another problem with this rule: on the host 192.168.10.199 YouTube is working, while all other sites are blocked. YouTube is loading, but video clips don't. Why is that?
https://ibb.co/4f8WzBV