How do I block IP addresses in the New Firewall?

Article #: KB-19

Product: All

Version: Inverness onwards

Summary:

How to create an IP block rule in the new consolidated Firewall rules page.

Problem:

IP block rules are primarily intended to block hostile hosts; however, you can also use this feature to isolate internal hosts, for example, in cases of malware infection.

The Inverness release saw the firewall-related pages in the Smoothwall being consolidated. The previous page for setting up IP address blocking (Network > Filtering > IP block) has been amalgamated into the new firewall page (Network > Firewall > Firewall rules) which determines how traffic is routed through the Smoothwall.

Solution:

1. Go to Network > Firewall > Firewall rules.
2. Create a firewall rule, noting the following:

   Source IP addresses — If you want to block traffic originating from a specific address or subnet, select those IP addresses to block.

   To create an exception block rule, use the Exclude button to exclude an IP address, IP address range, or IP address subnet.

   Destination IP addresses — If you want to block traffic destined for specific addresses, or subnets, select those IP addresses to block.

   To create an exception block rule, use the Exclude button to exclude an IP address, IP address range, or IP address subnet.

   Log — Select to log matching network traffic to the Firewall log.

   Action — From the drop-down list, select either Drop to ignore any request from the source IP address or network (similar to disconnecting an interface), or Reject to send an ICMP connection refused (ICMP destination-unreachable) message back to the originating IP address, after which no further communication is possible.

The above creates an IP block rule that mirrors the behavior of pre-Inverness Smoothwalls.

Tip: The rules contained in the Firewall rules table are applied in a top-down approach (once a match is found, no further searching is made). It is recommended you create a section at the top of the table specifically for your network-specific block rules so they are not overridden by another later rule, and add the IP address blocking rule to it.
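The first-match behavior described in the tip can be modelled offline to check a planned rule order before entering it. The following is an added example, not Smoothwall code: the Rule fields, the "accept" action, the default action when nothing matches, and the sample addresses are all assumptions made for illustration (IPv4 only).

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:                      # hypothetical model of one firewall rule row
    name: str
    action: str                  # "accept" (assumed), "drop" or "reject"
    sources: tuple = ("0.0.0.0/0",)
    excluded: tuple = ()         # models the Exclude button on source addresses

    def matches(self, src):
        ip = ipaddress.ip_address(src)
        inside = lambda nets: any(ip in ipaddress.ip_network(n) for n in nets)
        return inside(self.sources) and not inside(self.excluded)

def evaluate(rules, src, default="drop"):
    """Top-down evaluation: the first matching rule decides, the rest are skipped."""
    for rule in rules:
        if rule.matches(src):
            return rule.name, rule.action
    return None, default         # assumed default when no rule matches

def shadowed_blocks(rules):
    """Report block rules that can never fire because an earlier accept rule
    covers all of their source networks (conservative: single-rule cover only)."""
    found = []
    for i, rule in enumerate(rules):
        if rule.action not in ("drop", "reject"):
            continue
        nets = [ipaddress.ip_network(n) for n in rule.sources]
        for earlier in rules[:i]:
            if earlier.action != "accept":
                continue
            wide = [ipaddress.ip_network(n) for n in earlier.sources]
            holes = [ipaddress.ip_network(n) for n in earlier.excluded]
            if all(any(n.subnet_of(w) for w in wide)
                   and not any(n.overlaps(h) for h in holes) for n in nets):
                found.append((rule.name, earlier.name))
                break
    return found

# Constructed sample rules: isolate one internal host on an otherwise allowed LAN.
BLOCK = Rule("block-infected-host", "drop", sources=("10.0.5.23/32",))
ALLOW = Rule("allow-lan", "accept", sources=("10.0.0.0/16",))
ALLOW_EXCEPT = Rule("allow-lan-except", "accept",
                    sources=("10.0.0.0/16",), excluded=("10.0.5.23/32",))
BAD_ORDER = [ALLOW, BLOCK]       # block rule sits below a broader accept rule
GOOD_ORDER = [BLOCK, ALLOW]      # block rule in a section at the top of the table
```

With BAD_ORDER the infected host still matches allow-lan first and the block rule never fires; shadowed_blocks reports that pair so the rule can be moved up.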

With the new consolidated firewall, you can also:

Specify the Inbound interfaces to only block addresses when traffic originates from those interfaces. Leave this parameter blank to match traffic coming from any interface, or combine this parameter with Source IP addresses to match traffic using the interface but only if it originates from those addresses.
Specify the Outbound interfaces to block all traffic going to those specified. You can use this parameter instead of Destination IP addresses to match all traffic using these interfaces, or leave this parameter blank to match traffic going to any interface.
Specify the Services that matching traffic uses. Traffic from specified services can be blocked. Leave this parameter blank to match traffic using any service.
Specify the Applications (Apps) that matching traffic uses. Traffic from specified applications is either blocked or rejected. Leave this parameter blank to match traffic from any application.
Specify the user Groups that matching traffic originates from. If required, you can block traffic from these groups. Leave this parameter blank to match traffic from any group.

For a detailed description of how to create and manage firewall rules, go to https://help.smoothwall.net/Inverness/Content/ui/admin/ipfilter/forward.htm.

Attribution:

Last updated: 09th March 2017

Author: Samantha Nair

Contributions by:

Copyright © 2000-2016 Smoothwall All rights reserved.