Hi,
I'm having problems understanding the firewall restrictions. For example, I have a computer on the network that I want to ONLY be able to access GitHub.
Here's my config, but I can still connect my browser to other IPs (e.g. Google).
My config:
What am I not understanding?
Thanks,
Dave
firewall restrictions not working?
Last edited by gsnorcal on Thu Nov 17, 2016 1:12 am, edited 1 time in total.
Re: firewall restrictions not working?
I also have this rule, which is blocking apple.com, http://www.apple.com, but not discussions.apple.com.
Obviously I'm confused in my expectations.
Thanks,
Dave
Re: firewall restrictions not working?
Unsure about your first one, would have to do more digging.
But for your second one, it is only blocking apple.com because by default the Apple website is insecure (not HTTPS). If you manually navigate to https://www.apple.com/ you'll find that the connection should go through.
There is no insecure version of discussions.apple.com and therefore it cannot be blocked.
SSL encryption prevents us from looking into the packet and finding out what URL it came from.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: firewall restrictions not working?
Understood, @lantis about looking at the hostname. But for the first one, it seems pretty clear that I want to block ALL access except for one IP and one port.
Curious. Any more clues appreciated.
It sucks to be so bandwidth limited. I've never put so much energy into trying NOT to be connected.
Dave
Re: firewall restrictions not working?
To be honest with you, I have never been able to get the Gargoyle firewall to work; therefore I consider it broken. If you cannot get a whitelist to work, i.e. block unless connection provably from IP/Address, then there is something wrong in the design. I can understand how blacklists fail, due to being unable to see the full details, but not whitelists where the default action is to block unless rule matched.
Whilst open firmware on routers has proved handy, I will be moving to using pfsense on a VM with dedicated passed-through NICs in order to truly get some firewall restrictions that work.
Re: firewall restrictions not working?
Latest Gargoyle builds now support HTTPS blocking.
Why don't you give it a try before giving up on Gargoyle?
TP-Link Archer C7 v2 - Gargoyle 1.12.X
TP-Link WR842ND v2 - Gargoyle 1.10.X
TP-Link RE450 AC v2 - Stock FW 1.0.4
TP-Link WA850RE v1.2 - LEDE 17.01.1