I am trying to block 1 PC from using anything but HTTP.
So I set up 2 services
S1 TCP/UDP ports 1 to 79
S2 TCP/UDP ports 81 to 65535
and 2 outbound rules
Outbound service S1 block always LAN 192.168.0.4 WAN Any
and
Outbound service S2 block always LAN 192.168.0.4 WAN Any
It blocked that PC from any internet usage, and inspection of the logs revealed that the reason was that the packets coming in from the LAN were destined for port 80 but were not coming from port 80!
So is what I am trying to do possible?
At the same time I noticed NetBIOS traffic from that PC was being blocked. Port 137. I have a general rule that blocks port 137 outbound on all PCs, so I checked the logs and noticed that only one PC was being reported as blocked. It was not this PC! Is this a logging problem?
That rule is
Service NB TCP/UDP ports 137 to 139
Firewall rule is
Outbound Service NB Lan Any WAN Any
I checked back in the logs and noticed that only 1 PC is ever reported as being blocked!
Very strange I thought.
Any and all thoughts welcomed. I'm confused now!
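Added example, not part of the original post: a small model of the S1/S2 block rules that evaluates constructed packets under two assumed matching semantics, destination port only versus source or destination port. How the actual firewall matches service ports is not stated in the post; the packets, the `match_source_port` switch and the address 192.168.0.5 are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_port: int


# Services and block rules as given in the post.
SERVICES = {"S1": (1, 79), "S2": (81, 65535)}
BLOCK_RULES = [("S1", "192.168.0.4"), ("S2", "192.168.0.4")]


def in_range(port, rng):
    return rng[0] <= port <= rng[1]


def verdict(pkt, match_source_port):
    """Return 'block:<service>' for the first matching rule, else 'allow'.

    match_source_port=False: a service matches on destination port only.
    match_source_port=True:  (assumed) a service also matches on source port.
    """
    for service, lan_ip in BLOCK_RULES:
        if pkt.src_ip != lan_ip:
            continue
        rng = SERVICES[service]
        if in_range(pkt.dst_port, rng):
            return f"block:{service}"
        if match_source_port and in_range(pkt.src_port, rng):
            return f"block:{service}"
    return "allow"


# Constructed sample packets. Clients send from a high ephemeral source port.
HTTP = Packet("192.168.0.4", 49152, 80)      # web request from the restricted PC
DNS = Packet("192.168.0.4", 49153, 53)       # name lookup; port 53 lies inside S1
OTHER_PC = Packet("192.168.0.5", 49152, 443)  # a PC the rules do not name


def report():
    """(name, verdict with dst-only matching, verdict with src-or-dst matching)."""
    samples = [("http", HTTP), ("dns", DNS), ("other_pc", OTHER_PC)]
    return [(n, verdict(p, False), verdict(p, True)) for n, p in samples]


if __name__ == "__main__":
    for row in report():
        print(row)
```
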