Need some help here, please - maybe I'm just missing something.
We're getting many connections between users on our network and amazonaws sites. We're trying to block most of these. The one in question is this one (screenshot from iftop):
That address resolves to 54.221.231.21.
We've created a network object called "object_badsites", with that IP as a member (together with another IP that we also want to block). Object setup is:
Then we set up the firewall to block it at every possible point (some rules are overkill, but bear with me...). Firewall rules are:
External networks to Zentyal:
Traffic coming out of Zentyal:
External networks to internal networks:
Internal networks:
Internal networks to Zentyal:

But yet, even with all those rules loaded, we keep seeing traffic get through from/to ec2-54-221-231-21.compute-1.amazonaws.com (as per the first screenshot in my post).
Does anyone have any ideas? Maybe something I set up incorrectly?