OPNsense Forum

English Forums => General Discussion => Topic started by: ngr2001 on December 31, 2024, 12:58:31 AM

Title: Simple Firewall Rule ?
Post by: ngr2001 on December 31, 2024, 12:58:31 AM
I simply wanted to block an internal client with the IP address 192.168.1.242 from accessing 8.8.8.8 (Google DNS). Where would be the best place to put that rule?

Testing and checking have failed, hence why I ask; not sure what I am overlooking here. Would a floating rule be best?
Title: Re: Simple Firewall Rule ?
Post by: Patrick M. Hausen on December 31, 2024, 01:33:19 AM
You should place the rule on the interface (LAN?) where the client is connected. What leads you to think it should be a floating rule?
Title: Re: Simple Firewall Rule ?
Post by: ngr2001 on December 31, 2024, 06:29:11 PM
If I wanted to make this logic a little more complex, how should I order the rules below?

Pseudo logic:

Block IP (192.168.1.242) to (ANY) port (53)

Allow IP (192.168.1.242) to (1.1.1.3) Port (53)


Goal:

I want the IP address 192.168.1.242 to only have the ability to query the DNS server 1.1.1.3 for DNS requests. So, for example, if the user of the PC with the IP address 192.168.1.242 decided to change their local network card settings to use the DNS server 8.8.8.8, their traffic should get blocked and ultimately web pages will fail to load.

Thanks for the help
Title: Re: Simple Firewall Rule ?
Post by: viragomann on December 31, 2024, 06:39:42 PM
Rules are probed from top to bottom. The first matching rule wins.

So you have to put the Allow rule above the Block rule. Since it allows only port 53 to a single IP, the client can access nothing else.
Title: Re: Simple Firewall Rule ?
Post by: ngr2001 on December 31, 2024, 07:02:03 PM
I tried putting the block rule on the top and on the bottom, and in testing nothing is working; the client can still reach 8.8.8.8. Not sure what is going on here.


Title: Re: Simple Firewall Rule ?
Post by: viragomann on December 31, 2024, 07:09:32 PM
Remember that a state is created when a connection is allowed. Reordering rules doesn't delete the states. A state exists until it times out.
You have to manually clear the states to test the new rule order.
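The two points made above (first match wins, and an existing state short-circuits the ruleset until it is cleared) can be seen in a small model of how OPNsense evaluates interface rules. This is an added example, not OPNsense or pf code. It assumes the client is 10.0.0.242 (the address the thread later settles on), that the stock "allow LAN to any" rule sits below the two custom rules, and that states are keyed on a simplified (source, destination, port) tuple rather than the full pf state key.

```python
"""Constructed model of first-match rule evaluation with a pf-style state table.

Not OPNsense's code. It models two behaviours from the thread:
  1. interface rules are probed top to bottom and the first match wins
     (OPNsense interface rules are pf rules with `quick`);
  2. a state created by an earlier pass lets the flow through regardless of
     the current rule order until the state times out or is killed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

ANY = "any"


@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    src: str             # source IP, or ANY
    dst: str             # destination IP, or ANY
    dport: int | str     # destination port, or ANY

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (self.src in (ANY, src)
                and self.dst in (ANY, dst)
                and self.dport in (ANY, dport))


@dataclass
class Firewall:
    rules: list[Rule]
    default: str = "block"                    # implicit default deny
    states: set = field(default_factory=set)  # simplified state table

    def check(self, src: str, dst: str, dport: int) -> tuple[str, str]:
        """Return (verdict, reason). A matching state bypasses the ruleset."""
        flow = (src, dst, dport)
        if flow in self.states:
            return "pass", "state"
        for i, rule in enumerate(self.rules):
            if rule.matches(src, dst, dport):
                if rule.action == "pass":
                    self.states.add(flow)     # pass rules create state
                return rule.action, f"rule {i}"
        return self.default, "default"

    def kill_states(self, host: str) -> None:
        """Model of `pfctl -k <host>`: drop every state involving host."""
        self.states = {s for s in self.states if host not in (s[0], s[1])}


# Addresses from the thread (10.0.0.242 per the poster's later correction).
CLIENT = "10.0.0.242"
ALLOW = Rule("pass", CLIENT, "1.1.1.3", 53)   # Allow client -> 1.1.1.3:53
BLOCK = Rule("block", CLIENT, ANY, 53)        # Block client -> any:53
LAN_DEFAULT = Rule("pass", ANY, ANY, ANY)     # assumed stock "allow LAN to any"


def verdicts(order: list[Rule]) -> dict[str, str]:
    """Evaluate three fresh flows from the client against a given rule order."""
    fw = Firewall(order)
    return {
        "dns_to_1.1.1.3": fw.check(CLIENT, "1.1.1.3", 53)[0],
        "dns_to_8.8.8.8": fw.check(CLIENT, "8.8.8.8", 53)[0],
        "https": fw.check(CLIENT, "93.184.216.34", 443)[0],
    }


def stale_state_demo() -> tuple:
    """Why reordering rules did not block 8.8.8.8 until states were cleared."""
    fw = Firewall([LAN_DEFAULT])                     # permissive ruleset at first
    before = fw.check(CLIENT, "8.8.8.8", 53)[0]      # passes and creates a state
    fw.rules = [ALLOW, BLOCK, LAN_DEFAULT]           # admin adds/reorders rules
    still = fw.check(CLIENT, "8.8.8.8", 53)          # still passes: state hit
    fw.kill_states(CLIENT)                           # like: pfctl -k 10.0.0.242
    after = fw.check(CLIENT, "8.8.8.8", 53)          # now hits the block rule
    return before, still, after


if __name__ == "__main__":
    print("allow above block:", verdicts([ALLOW, BLOCK, LAN_DEFAULT]))
    print("block above allow:", verdicts([BLOCK, ALLOW, LAN_DEFAULT]))
    print("stale state:", stale_state_demo())
```

With the allow rule on top, DNS to 1.1.1.3 passes, DNS to 8.8.8.8 falls through to the block rule, and other traffic still reaches the stock LAN rule; with the block rule on top, even 1.1.1.3 is blocked. The state demo shows the poster's symptom: the flow keeps passing on its existing state after the rules change, and only blocks once the state is gone. On a real OPNsense box that is done from Firewall > Diagnostics (the states page) or from a shell with `pfctl -k 10.0.0.242`, which kills states with that address as source or destination.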
Title: Re: Simple Firewall Rule ?
Post by: mooh on January 02, 2025, 04:37:20 PM
You wanted to block 192.168.1.242 but the rules you're showing are rules for 10.0.0.242. Which one is correct?
Title: Re: Simple Firewall Rule ?
Post by: ngr2001 on January 02, 2025, 08:07:13 PM
I did not clear the states; I did not know I had to.

10.X is correct. I said 192 for no good reason other than security through obscurity.