firewall restrictions not working?

gsnorcal
Posts: 3
Joined: Wed Oct 26, 2016 7:00 pm

firewall restrictions not working?

Post by gsnorcal »

Hi,

I'm having problems understanding the firewall restrictions. For example, I have a computer on the network that I want to ONLY be able to access github.

Here's my config, but I can still connect my browser to other IPs (e.g. Google).

My config:

Image

What am I not understanding?

Thanks,
Dave
Last edited by gsnorcal on Thu Nov 17, 2016 1:12 am, edited 1 time in total.

gsnorcal
Posts: 3
Joined: Wed Oct 26, 2016 7:00 pm

Re: firewall restrictions not working?

Post by gsnorcal »

I also have this rule, which is blocking apple.com, http://www.apple.com, but not discussions.apple.com.

Obviously I'm confused in my expectations.

Image

Thanks,
Dave

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: firewall restrictions not working?

Post by Lantis »

Unsure about your first one, would have to do more digging.

But for your second one, it is only blocking apple.com because by default the Apple website is insecure (not https). If you manually navigate to https://www.apple.com/ you'll find that the connection should go through.
There is no insecure version of discussions.apple.com and therefore it cannot be blocked.
SSL encryption prevents us from looking into the packet and finding out what url it came from.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

gsnorcal
Posts: 3
Joined: Wed Oct 26, 2016 7:00 pm

Re: firewall restrictions not working?

Post by gsnorcal »

Understood, @lantis about looking at the hostname. But for the first one, it seems pretty clear that I want to block ALL access except for one IP and one port.

Curious. Any more clues appreciated.

It sucks to be so bandwidth limited. I've never put so much energy into trying NOT to be connected. ;-)

Dave

anon123654
Posts: 4
Joined: Wed Sep 23, 2015 8:24 am

Re: firewall restrictions not working?

Post by anon123654 »

To be honest with you, I have never been able to get the Gargoyle firewall to work, therefore I consider it broken. If you cannot get a whitelist to work, i.e. block unless connection provably from IP/Address, then there is something wrong in the design. I can understand how blacklists fail, due to being unable to see the full details, but not whitelists where the default action is to block unless rule matched.

Whilst open firmware on routers has proved handy I will be moving to using pfsense on a VM with dedicated passed through NICs in order to truly get some firewall restrictions that work.

d3fz
Posts: 277
Joined: Sun Aug 28, 2016 7:34 pm

Re: firewall restrictions not working?

Post by d3fz »

Latest Gargoyle builds now support HTTPS blocking.

Why don't you give it a try before giving up on Gargoyle? :)
TP-Link Archer C7 v2 - Gargoyle 1.12.X
TP-Link WR842ND v2 - Gargoyle 1.10.X
TP-Link RE450 AC v2 - Stock FW 1.0.4
TP-Link WA850RE v1.2 - LEDE 17.01.1
