I was setting up some restrictions and it appears that I'm either missing something or the UI is a little misleading. Perhaps some adjustments to make it "correct" are required,
If you set up a restriction for a particular type of packet (DNS), then the system lists the following;
Restricted Resources:
Remote IP(s): Block All
Remote Port(s): Block All
Local Port(s): Block All
Transport Protocol: Block All
Application Protocol: Block Only DNS
Website URL(s): Block All
Now grammatically this is saying block All remote IPs, All remote ports, All local ports, All transport protocols and All websites but only block the DNS application protocol. This does not make any technical sense. I *think* what I have really setup is:
Block Only DNS application protocol but since I have not touched the others, they should not say Block All but they really indicate Block None.
Useability Improvement
Moderator: Moderators
Useability Improvement
Paul
Gargoyle 1.11.x on TP-Link Archer C7 V2 H/W
Gargoyle 1.11.x on TP-Link Archer C7 V2 H/W
Re: Useability Improvement
I agree it is ambiguous, and I've been toying with the idea of replacing 'All' with 'Any'.
What it really needs to indicate is that everything of this type that ALSO also satisfies all other rules is blocked. So in your example ALL remote IPs are blocked that ALSO satisfy the condition of interacting via DNS. It's like a big if statement with the different clauses joined by ANDs.
The problem is in communicating this in a straightforward manner. Clearly "None" as you suggest is also not correct, as that would imply that you are explicitly NOT blocking this protocol. Hence, I think 'Any' might be a better choice, but I do wonder if there is a better one. Any ideas?
What it really needs to indicate is that everything of this type that ALSO also satisfies all other rules is blocked. So in your example ALL remote IPs are blocked that ALSO satisfy the condition of interacting via DNS. It's like a big if statement with the different clauses joined by ANDs.
The problem is in communicating this in a straightforward manner. Clearly "None" as you suggest is also not correct, as that would imply that you are explicitly NOT blocking this protocol. Hence, I think 'Any' might be a better choice, but I do wonder if there is a better one. Any ideas?
Re: Useability Improvement
Eric,
Maybe you can do it in a similar way to the top part of the restriction. So,
Add a new restriction
Select one of
Remote IP(s)
Remote Port(s):
Local Port(s)
Transport Protocol
Application Protocol
Website URL(s)
Once I select Remote IP, there is a page where I can add some Remote IPs.
If I then want to restrict something more specific, an Application Protocol from a specific remote IPs, then I would add another restriction for the same rule, select Application Protocol, select my Application Protocol and then hit save. The two rules would be ANDed together.
For example, a Restriction to block DNS OR VoIP Audio from a set of remote IPs would be:
Add Restriction Remote IP x.x.x.x, y.y.y.y, z.z.z.z (page allows me to enter multiple IP addresses)
Add Restriction Application Protocol (page allows me to enter multiple Applications Protocols)
Logically, the phrase would be:
Block application protocols (DNS OR VoIP Audio) ANDed with
Block Remote IPs (x.x.x.x OR y.y.y.y OR z.z.z.z)
Thoughts?
Maybe you can do it in a similar way to the top part of the restriction. So,
Add a new restriction
Select one of
Remote IP(s)
Remote Port(s):
Local Port(s)
Transport Protocol
Application Protocol
Website URL(s)
Once I select Remote IP, there is a page where I can add some Remote IPs.
If I then want to restrict something more specific, an Application Protocol from a specific remote IPs, then I would add another restriction for the same rule, select Application Protocol, select my Application Protocol and then hit save. The two rules would be ANDed together.
For example, a Restriction to block DNS OR VoIP Audio from a set of remote IPs would be:
Add Restriction Remote IP x.x.x.x, y.y.y.y, z.z.z.z (page allows me to enter multiple IP addresses)
Add Restriction Application Protocol (page allows me to enter multiple Applications Protocols)
Logically, the phrase would be:
Block application protocols (DNS OR VoIP Audio) ANDed with
Block Remote IPs (x.x.x.x OR y.y.y.y OR z.z.z.z)
Thoughts?
Paul
Gargoyle 1.11.x on TP-Link Archer C7 V2 H/W
Gargoyle 1.11.x on TP-Link Archer C7 V2 H/W