just joined
Posts: 12
Joined: Wed Dec 18, 2019 4:31 pm
Blocking websites not working
Wed Dec 18, 2019 4:46 pm
Hello to all,
I have a problem at a client site. I have configured the router to block Facebook, but unfortunately it is not working. Testing in my lab at home it was working from the start.
I have created a layer 7 protocol rule [ ^.+[facebook.com].*$ ], added a new rule in firewall and moved the rule right on top, just to be sure it is processed first. Looks like it is not. If I look at the packet count it still stays at zero. I really don't know what to do anymore so maybe someone has a clue on how to fix this, since in my lab at home it is working.
I even imported the same firewall rules from the client's router to my router, and at home it is still working.
Client router 6.43.5
Home lab router 6.45.3
2019-12-18_16-42-34.png
Let me know if you need an export of the firewall rules in txt.
Thanks in advance,
Adrian
Forum Guru
Re: Blocking websites not working
Thu Dec 19, 2019 3:08 am
Even if you block it using L7, what about the mobile apps ? You block nothing there...
It's not an effective way, it consumes CPU and it causes problems to other sites too...
just joined
Topic Author
Posts: 12
Joined: Wed Dec 18, 2019 4:31 pm
Re: Blocking websites not working
Thu Dec 19, 2019 9:32 am
Thanks for the reply Zacharias, but I don't have mobile apps. My client has just three or four boxes that it wants to filter, so I don't stress about the CPU consumption.
It's just curious though, that even if the rule is on top it is not hit by any traffic. I thought that rules are processed in order in firewall.
Member Candidate
Re: Blocking websites not working
Thu Dec 19, 2019 9:43 am
There are several similar topics, you just have to search them.
In case, you can try this:
regexp="^.+[www.facebook.com|facebook.com|login.facebook.com|www.login.facebook.com|fbcdn.net|www.fbcdn.net|fbcdn.com|www.fbcdn.com|static.ak.fbcdn.net|static.ak.connect.facebook.com|connect.facebook.net|www.connect.facebook.net|apps.facebook.com].*\$"
Edit: Note that only unencrypted HTTP can be matched.
just joined
Topic Author
Posts: 12
Joined: Wed Dec 18, 2019 4:31 pm
Re: Blocking websites not working
Thu Dec 19, 2019 9:50 am
The regexp is good since it is working in my home lab, the problem at the client site is that the rule is not even hit by any traffic even if it is on top.
I tried yours, but same result.
Forum Guru
Re: Blocking websites not working
Thu Dec 19, 2019 12:25 pm
The most effective way is to block all its IPv4 subnet blocks used... and yes it can be done...
That way you block all the http traffic as well as any mobile application...
just joined
Topic Author
Posts: 12
Joined: Wed Dec 18, 2019 4:31 pm
Re: Blocking websites not working
Thu Dec 19, 2019 1:33 pm
Man...don't want to be arrogant or rude here, but what's up with you and the mobile applications? I told you nobody uses them in that office.
All I want to know is why the firewall rule that is on top is not applying, since that rule is the one that blocks the social media sites I need.
Forum Guru
Re: Blocking websites not working
Thu Dec 19, 2019 1:40 pm
Man...don't want to be arrogant or rude here
But you are...
I am just saying to you the most effective way to block 100% that site, but obviously you don't care...
Just to know, I can in less than 1 minute connect my tablet or phone through USB on your computer that you think you've blocked that site and just bypass all what you think you have blocked by just sharing the computer's internet connection... so in terms of blocking everything must be taken into consideration... otherwise you blocked nothing, you think you did...
Anyways, good luck...
Long time Member
Re: Blocking websites not working [SOLVED]
Thu Dec 19, 2019 2:04 pm
Try to disable fastpath.
Mangle and some other advanced firewall options are not compatible with fastpath, and it prevents the FW from looking into those packets.
I would give it a try...
just joined
Posts: 10
Joined: Wed May 17, 2017 2:34 pm
Location: Indonesia
Re: Blocking websites not working
Thu Dec 19, 2019 2:41 pm
I prefer IP raw: use content to block whatever you like to block, then assign it to a new dst address list. But remember you also have to make sure the dst address list in the advanced tab is not your LAN IP address, otherwise your LAN IP address is also included in the block list. The last step is to make a dropping rule to get your job done. Good luck
Frequent Visitor
Re: Blocking websites not working
Thu Dec 19, 2019 2:52 pm
If no other rule matches before [e.g. raw, prerouting] then the rule simply doesn't match.
First, did you try from 192.18.10.96? Your rule matches only traffic from this source.
What happens when you set up a passthrough rule with log and only your Layer-7 regex?
just joined
Topic Author
Posts: 12
Joined: Wed Dec 18, 2019 4:31 pm
Re: Blocking websites not working
Thu Dec 19, 2019 6:09 pm
Thank you WeWiNet, problem solved. After I disabled fastpath everything started working as it should.
I used the command in this post to disable it. viewtopic.php?t=112127
Thanks a lot again, much apprech.
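The fix confirmed above, sketched as an added example that is not from any poster in this thread and is not necessarily the command in the linked topic. It assumes RouterOS v6 (the thread's routers run 6.43.5 and 6.45.3) and shows how to check for and turn off both fast path and FastTrack, then confirm the top-of-chain rule is finally counting packets.

```routeros
# Added example; assumes RouterOS v6 console syntax.

# 1. See whether fast path / FastTrack is currently active.
/ip settings print

# 2. Turn off IPv4 fast path, and bridge fast path if the LAN is bridged.
/ip settings set allow-fast-path=no
/interface bridge settings set allow-fast-path=no

# 3. FastTrack is a separate mechanism: connections marked by a
#    fasttrack-connection rule skip the filter and mangle chains,
#    so a drop rule placed on top never sees their packets.
#    List any such rules, then disable them.
/ip firewall filter print where action=fasttrack-connection
/ip firewall filter disable [find action=fasttrack-connection]

# 4. Reset counters, browse from a test client, and confirm the
#    layer7 drop rule at the top of the chain now counts packets.
/ip firewall filter reset-counters-all
/ip firewall filter print stats
```

Disabling these offloads sends every packet through the full firewall path, so expect higher CPU load on the router.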