I'd like to allow guest access to the internet and machines in the .30 - .39 range.
In the restrictions I have:
Rule applies to: only the following host 192.168.10.5
Schedule all day, every day
Restricted resources all network access (unticked) set to block only:
then 192.168.10.2-192.168.10.30
and 192.168.10.40-192.168.10.254
All the others are set to block all.
The firewall rules I see are as follows; that doesn't actually look like it's doing anything.
Chain egress_restrictions (1 references)
target prot opt source destination
egress_whitelist all -- anywhere anywhere
CONNMARK all -- anywhere anywhere CONNMARK xset 0x20000000/0xff000000
CONNMARK tcp -- anywhere anywhere tcp dpt:ntp CONNMARK and 0xdfffffff
CONNMARK udp -- anywhere anywhere udp dpt:ntp CONNMARK and 0xdfffffff
CONNMARK tcp -- anywhere anywhere tcp dpt:ssmtp CONNMARK and 0xdfffffff
CONNMARK udp -- anywhere anywhere udp dpt:465 CONNMARK and 0xdfffffff
CONNMARK tcp -- Cam-NVR anywhere CONNMARK or 0x40000000
CONNMARK udp -- Cam-NVR anywhere CONNMARK or 0x40000000
REJECT all -- anywhere anywhere connmark match 0x60000000/0xff000000 reject-with icmp-port-unreachable
CONNMARK all -- anywhere anywhere CONNMARK and 0xffffff
CONNMARK all -- anywhere anywhere destination IP range 192.168.10.2-192.168.10.30 CONNMARK or 0x10000000
CONNMARK all -- anywhere anywhere destination IP range 192.168.10.40-192.168.10.254 CONNMARK or 0x10000000
CONNMARK all -- NazgulGuest anywhere CONNMARK or 0x80000000
REJECT all -- anywhere anywhere connmark match 0x90000000/0xff000000 reject-with icmp-port-unreachable
CONNMARK all -- anywhere anywhere CONNMARK and 0xffffff
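
An added example, not part of the original post: a small Python model of the egress_restrictions listing above that carries the connection mark through each rule and reports whether a REJECT rule matches. It assumes NazgulGuest is 192.168.10.5, uses a constructed placeholder address for Cam-NVR, starts from an unmarked connection, and skips the egress_whitelist jump because its contents are not shown.

```python
import ipaddress

GUEST = "192.168.10.5"     # assumption: NazgulGuest is the host named in the post
CAM_NVR = "192.168.10.50"  # constructed placeholder: the page gives no address for Cam-NVR
TOP = 0xff000000           # the byte of the connmark these rules use

def dst_in(lo, hi):
    lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
    return lambda p: lo <= ipaddress.ip_address(p["dst"]) <= hi

def l4(p):
    return p["proto"] in ("tcp", "udp")

# (match, op, value) in listing order. tcp/udp rule pairs are merged; the
# egress_whitelist jump is left out because its contents are not shown.
CHAIN = [
    (lambda p: True, "xset", 0x20000000),
    (lambda p: l4(p) and p["dport"] in (123, 465), "and", 0xdfffffff),  # ntp, ssmtp
    (lambda p: l4(p) and p["src"] == CAM_NVR, "or", 0x40000000),
    (lambda p: True, "reject", 0x60000000),
    (lambda p: True, "and", 0x00ffffff),
    (dst_in("192.168.10.2", "192.168.10.30"), "or", 0x10000000),
    (dst_in("192.168.10.40", "192.168.10.254"), "or", 0x10000000),
    (lambda p: p["src"] == GUEST, "or", 0x80000000),
    (lambda p: True, "reject", 0x90000000),
    (lambda p: True, "and", 0x00ffffff),
]

def trace(src, dst, dport, proto="tcp"):
    """Return 'REJECT' or 'PASS' (fell off the end of the chain)."""
    pkt = {"src": src, "dst": dst, "dport": dport, "proto": proto}
    mark = 0  # assumption: the connection arrives with no mark set
    for match, op, value in CHAIN:
        if not match(pkt):
            continue
        if op == "xset":        # clear the masked bits, then XOR the value in
            mark = (mark & ~TOP & 0xffffffff) ^ value
        elif op == "and":
            mark &= value
        elif op == "or":
            mark |= value
        elif op == "reject" and (mark & TOP) == value:
            return "REJECT"
    return "PASS"

if __name__ == "__main__":
    for dst in ("192.168.10.20", "192.168.10.30", "192.168.10.35", "203.0.113.10"):
        print(GUEST, "->", dst, trace(GUEST, dst, 443))
```

With the ranges as listed, 192.168.10.30 falls inside the first blocked range, so the trace for that address returns REJECT while .35 and the documentation-range internet address pass.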