Reply To: Unable to block Layer 7


#47778

yum
Member

As I understand it, the default policy for the FORWARD chain is ACCEPT and you want to block certain traffic. Try to put the blocking rules closer to the top of the FORWARD chain. For example, the first rule for SSH and the second for Cisco VPN:

1.
DROP tcp opt -- in ETH00 out ETH01 192.168.0.0/24 -> 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:22

2.
DROP udp opt -- in ETH00 out ETH01 192.168.0.0/24 -> 0.0.0.0/0 state NEW,ESTABLISHED udp dpt:500
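
An added example, not part of the post above: a small first-match simulator showing why the position of the DROP rules in FORWARD decides whether they ever fire. The rule listings are constructed in `iptables -S` syntax, the broad ACCEPT rule is an assumed stand-in for whatever sits above the blocks, and the parser assumes simple flag/value rules with no negation or port ranges.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S FORWARD` syntax (not taken from the thread):
# the two DROP rules sit below a broad ACCEPT, so they are never reached.
BLOCK_LAST = """\
-P FORWARD ACCEPT
-A FORWARD -i ETH00 -o ETH01 -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -i ETH00 -o ETH01 -s 192.168.0.0/24 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 22 -j DROP
-A FORWARD -i ETH00 -o ETH01 -s 192.168.0.0/24 -p udp -m state --state NEW,ESTABLISHED -m udp --dport 500 -j DROP
"""
rows = BLOCK_LAST.splitlines()
# Same rules with the two DROP rules moved to positions 1 and 2.
BLOCK_FIRST = "\n".join([rows[0], rows[2], rows[3], rows[1]])

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def parse(listing):
    """Return (default_policy, [rule dicts]) from `iptables -S`-style text."""
    policy, rules = "ACCEPT", []
    for line in listing.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["-P"]:
            policy = tok[2]
        elif tok[:1] == ["-A"]:
            opts = tok[2:]  # assumption: every option is a flag/value pair
            rules.append(dict(zip(opts[0::2], opts[1::2])))
    return policy, rules

def matches(r, p):
    """True if packet p satisfies every criterion present in rule r."""
    return (r.get("-i", p["in"]) == p["in"]
            and r.get("-o", p["out"]) == p["out"]
            and r.get("-p", p["proto"]) == p["proto"]
            and int(r.get("--dport", p["dport"])) == p["dport"]
            and p["state"] in r.get("--state", p["state"]).split(",")
            and ipaddress.ip_address(p["src"])
                in ipaddress.ip_network(r.get("-s", "0.0.0.0/0")))

def verdict(listing, pkt):
    """Walk the chain top-down; return (target, rule_no), rule_no 0 = policy."""
    policy, rules = parse(listing)
    for n, r in enumerate(rules, 1):
        if matches(r, pkt) and r.get("-j") in TERMINATING:
            return r["-j"], n
    return policy, 0
```

Calling `verdict()` with a packet dict (keys `in`, `out`, `src`, `proto`, `dport`, `state`) returns the target that decided the packet and the rule number that matched, which makes a shadowed DROP rule easy to spot.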