Author Topic: Firewall not blocking addresses  (Read 1596 times)

reano

Firewall not blocking addresses
« on: November 19, 2013, 03:04:27 pm »
Need some help here, please - maybe I'm just missing something :)

We're getting many connections between users on our network and amazonaws sites. We're trying to block most of these. The one in question is this one (screenshot from iftop):



That address resolves to 54.221.231.21.

We've created a network object called "object_badsites", with that IP as a member (together with another IP that we also want to block). Object setup is:



Then we set up the firewall to block it at every possible point (some rules are overkill, but bear with me..). Firewall rules are:

External networks to Zentyal:


Traffic coming out of Zentyal:


External networks to internal networks:


Internal networks:


Internal networks to Zentyal:


But yet, even with all those rules loaded, we keep seeing traffic get through from/to ec2-54-221-231-21.compute-1.amazonaws.com (as per the first screenshot in my post).

Does anyone have any ideas? Maybe something I set up incorrectly?
« Last Edit: November 19, 2013, 03:07:02 pm by reano »

reano

Re: Firewall not blocking addresses
« Reply #1 on: November 21, 2013, 07:16:10 am »
Anyone have any ideas re the above issue?

« Last Edit: November 21, 2013, 08:05:39 am by reano »

zmd

Re: Firewall not blocking addresses
« Reply #2 on: November 22, 2013, 09:13:06 am »
> Anyone have any ideas re the above issue?

You need to do a lock means SQUID.

reano

Re: Firewall not blocking addresses
« Reply #3 on: November 22, 2013, 11:48:42 pm »
> > Anyone have any ideas re the above issue?
>
> You need to do a lock means SQUID.

I did block it in squid, but these aren't http connections.