Blocking access to IPs in an alias for clients in an alias does not work (for me)

Started by Mr. Happy, September 10, 2020, 05:49:39 PM

I have created a rule (at first with a schedule, but removed the schedule for testing purposes).

The rule consists of an alias (for now with 1 IP address) which is blocked from accessing another alias (for now with 1 IP address).
It is the first rule in the rule definitions for that VLAN, but the last rule is the one that is triggered, which allows the traffic.
Access from that client to that IP address is permitted.
The rule is evaluated over 100.000 times and triggered 0 times...
There is nothing to be found in the logs regarding this traffic (being blocked).

How/where can I find out why traffic is not blocked?


It's a Quick rule and these are the aliases:

Name           Type       Description      Content
Clients2Block  Host(s)    Clients 2 Block  192.168.30.109
Sites2Block    URL (IPs)  Sites 2 Block    172.217.17.46

The rule basically is

Protocol  Source         Port  Destination  Port  Gateway  Schedule  Description
IPv4 *    Clients2Block  *     Sites2Block  *     *        *         Block Sites 4 Clients


Edit:
Apparently using an alias for Sites2Block does not work.
I changed both to an IP one at a time, tested, and changed them back to aliases.
When I changed it back to the Sites2Block alias, traffic was possible again.

Oh. You can try saving your Sites2Block alias once again and you should get "error fetching alias url 172.217.17.46" in the logs.
The URL (IPs) alias type is for fetching a list from a remote IP (once).
Change the Sites2Block type to the Networks or Hosts type.
https://docs.opnsense.org/manual/aliases.html

Quote from: Fright on September 10, 2020, 07:00:13 PM
Oh. You can try saving your Sites2Block alias once again and you should get "error fetching alias url 172.217.17.46" in the logs.
The URL (IPs) alias type is for fetching a list from a remote IP (once).
Change the Sites2Block type to the Networks or Hosts type.
https://docs.opnsense.org/manual/aliases.html
The link helped... (Why didn't I find that... :/)
I assumed URL (IP) meant URL or IP...
I now use Hosts with an FQDN (which is what I wanted/needed), and it works fine.
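The mistake discussed above (a "URL (IPs)" alias holding a bare address, so the alias fetches nothing and the block rule is evaluated but never matches) can be caught with a small check. This is an added example, not code from the thread or from OPNsense; the alias type names (host, network, url, urltable) follow the OPNsense alias documentation, and it assumes that the pf table behind an alias carries the alias name.

```shell
#!/bin/sh
# Added example, not from the thread. Flags an alias whose content does not
# fit its type, and counts what pf actually loaded for the alias: an empty
# table means the rule can never match, which is the symptom in this thread.
# Assumption: the pf table name equals the OPNsense alias name.

# 0 if VALUE is an IPv4 address or IPv4 CIDR, 1 otherwise.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# 0 if VALUE looks like a hostname (e.g. www.example.com), 1 otherwise.
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$'
}

# check_alias TYPE CONTENT: 0 when the content fits the type, 1 with a reason.
check_alias() {
    case "$1" in
        url|urltable)
            if is_ipv4 "$2" || is_fqdn "$2"; then
                echo "MISMATCH: type '$1' fetches a list from a URL, but '$2' is an address; use type host or network"
                return 1
            fi ;;
        host)
            if ! is_ipv4 "$2" && ! is_fqdn "$2"; then
                echo "MISMATCH: type host expects an IP or FQDN, got '$2'"
                return 1
            fi ;;
        network)
            if ! is_ipv4 "$2"; then
                echo "MISMATCH: type network expects an address or CIDR, got '$2'"
                return 1
            fi ;;
        *)  echo "unknown alias type '$1'"; return 1 ;;
    esac
    echo "OK: type '$1' with '$2'"
}

# table_entries NAME: number of addresses pf currently holds for alias NAME
# (reads `pfctl -t NAME -T show` on the firewall itself); 0 means no match.
table_entries() {
    pfctl -t "$1" -T show 2>/dev/null | grep -c .
}

# Offline demo with the two aliases from the thread (constructed input).
demo() {
    check_alias url 172.217.17.46 || true   # reproduces the broken Sites2Block
    check_alias host 192.168.30.109         # the working Clients2Block
}
```

On the firewall, `table_entries Sites2Block` returning 0 while the rule counter keeps rising is the quickest confirmation that the alias, not the rule, is the problem.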

You can block connections by setting up a firewall rule in OPNsense.

Go to Firewall -> Rules -> the interface of your VLAN and click "add" (image 1; I use LAN as an example of a VLAN interface).

On "Action" choose "Block", on "Direction" choose "in", on "Source" choose the alias that contains the VLAN IP belonging to the same network as the VLAN interface, and on "Destination" choose the alias to which you want to block the VLAN alias from having any connection. Leave everything else at the default values and click "save" (image 2).

Check the rule you created, move it above the first allowing rule and click "apply" (image 3).

Clone that rule and swap the aliases: the source becomes what was in the destination and the destination what was in the source. Click "save", make sure the cloned rule is below the rule you created first, and click "apply changes".

Test if it is working.