firewall restrictions not working?


gsnorcal
Posts: 3
Joined: Wed Oct 26, 2016 7:00 pm

firewall restrictions not working?

Postby gsnorcal » Thu Nov 17, 2016 1:07 am

Hi,

I'm having problems understanding the firewall restrictions. For example, I have a computer on the network that I want to ONLY be able to access github.

Here's my config, but I can still connect my browser to other IPs (e.g. Google).

My config:

Image

What am I not understanding?

Thanks,
Dave
Last edited by gsnorcal on Thu Nov 17, 2016 1:12 am, edited 1 time in total.

gsnorcal
Posts: 3
Joined: Wed Oct 26, 2016 7:00 pm

Re: firewall restrictions not working?

Postby gsnorcal » Thu Nov 17, 2016 1:10 am

I also have this rule, which is blocking apple.com, http://www.apple.com, but not discussions.apple.com.

Obviously I'm confused in my expectations.

Image

Thanks,
Dave

Lantis
Moderator
Posts: 4134
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: firewall restrictions not working?

Postby Lantis » Thu Nov 17, 2016 3:12 am

Unsure about your first one, would have to do more digging.

But for your second one, it is only blocking apple.com because by default the Apple website is insecure (not HTTPS). If you manually navigate to https://www.apple.com/ you'll find that the connection should go through.
There is no insecure version of discussions.apple.com and therefore it cannot be blocked.
SSL encryption prevents us from looking into the packet and finding out what URL it came from.
WRT1900AC V1 on 1.10.X
WNDR3800/WRT3200ACM in a constant state of flux
www.lantisproject.com for custom builds and other projects
www.lantisproject.com/gargoyle_ispyisail/ for the latest releases

gsnorcal
Posts: 3
Joined: Wed Oct 26, 2016 7:00 pm

Re: firewall restrictions not working?

Postby gsnorcal » Thu Nov 17, 2016 4:02 pm

Understood, @lantis about looking at the hostname. But for the first one, it seems pretty clear that I want to block ALL access except for one IP and one port.

Curious. Any more clues appreciated.

It sucks to be so bandwidth limited. I've never put so much energy into trying NOT to be connected. ;-)

Dave

anon123654
Posts: 4
Joined: Wed Sep 23, 2015 8:24 am

Re: firewall restrictions not working?

Postby anon123654 » Tue May 08, 2018 6:42 pm

To be honest with you, I have never been able to get the Gargoyle firewall to work, therefore I consider it broken. If you cannot get a whitelist to work, i.e. block unless connection provably from IP/Address, then there is something wrong in the design. I can understand how blacklists fail, due to being unable to see the full details, but not whitelists where the default action is to block unless rule matched.

Whilst open firmware on routers has proved handy, I will be moving to using pfSense on a VM with dedicated passed-through NICs in order to truly get some firewall restrictions that work.

d3fz
Posts: 260
Joined: Sun Aug 28, 2016 7:34 pm

Re: firewall restrictions not working?

Postby d3fz » Tue May 08, 2018 8:04 pm

Latest Gargoyle builds now support HTTPS blocking.

Why don't you give it a try before giving up on Gargoyle? :)
TP-Link Archer C7 v2 - Gargoyle 1.10.X
TP-Link WR842ND v2 - Gargoyle 1.10.X
TP-Link RE450 AC v2 - Stock FW 1.0.4
TP-Link WA850RE v1.2 - LEDE 17.01.1

Tired of Chrome? Try Vivaldi - an advanced browser built for power users

