DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Filter rule does not block traffic

04 Mar 2012 17:08 #71440 by incagarcilaso
Replied by incagarcilaso on topic Re: Filter rule does not block traffic
You are right. I thought that this would work since the traffic had to pass through the router gateway but I see that this is not the case. In that case, when does the LAN to LAN filter work? Is this just for VPN or separate subnets?

However, the filter rules still do not apply when it is WAN to LAN. I have created an open port and then set up a filter to restrict which remote stations can make the connection but the filter does not get applied. I have tried and retried with different settings and rebooting the router after changes but the filter rule is simply not applied. I have written to support for this but am still awaiting a reply. The last issue I had was related to the VLAN not working and it was only a firmware upgrade that could solve this. I now have the very latest firmware but these filter rules are not working. Any ideas?

Thanks,

Matthew

05 Mar 2012 09:44 #71446 by scroucher
Replied by scroucher on topic Re: Filter rule does not block traffic
I have a 2820 on v3.3.7 too and can confirm the firewall rules no longer do anything.

I've put a LAN->WAN rule in which will block any packet from 10.0.0.0/24 to ANY with Block Immediately but still packets go out.

Steve

05 Mar 2012 14:24 #71452 by frag
Replied by frag on topic Re: Filter rule does not block traffic
In 99% of the cases where this does not work the problem can be traced to the fact that the service type has been configured incorrectly.

You need to set the DESTINATION PORTS ONLY. Do not set the source port as 3389, leave this as 1~65535 so that NAT can assign a pseudo-port.

07 Mar 2012 08:48 #71495 by scroucher
Replied by scroucher on topic Re: Filter rule does not block traffic
I have entered the following under the default data rule:

Direction: WAN --> LAN
Source IP: <my work address>
Destination IP: 10.0.0.220
Service type: TCP, Port: from any to 3389
Filter: Pass immediately

The next rule in the list is:

Direction: WAN --> LAN
Source IP: ANY
Destination IP: 10.0.0.220
Service type: TCP, Port: from any to 3389
Filter: Block immediately

Does nothing at all whatsoever, but works fine if I downgrade the router to 3.3.6. I should point out that I've also wiped the router with the latest .rst file and manually re-entered all of the config settings again but with no luck.

The above rules should be filtering a NAT redirection rule which forwards port 13389 (external) to the usual RDP port of a VM.

Steve
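
The two WAN --> LAN rules from the post above and the source-port advice from frag's reply, run through a generic first-match filter model. This is an added example, not part of the original thread and not DrayTek firmware code; the default-pass policy, the post-NAT packet view and the address 203.0.113.10 (standing in for "<my work address>") are assumptions.

```python
# Generic first-match packet filter model (assumed semantics, not DrayTek code).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_NET = ip_network("0.0.0.0/0")
ANY_PORT = (1, 65535)
WORK_ADDR = "203.0.113.10"  # constructed stand-in for "<my work address>"

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str
    src: object        # ip_network the source address must fall in
    dst: object        # ip_network the destination address must fall in
    src_ports: tuple   # inclusive (low, high)
    dst_ports: tuple   # inclusive (low, high)
    action: str        # "pass" or "block", applied immediately on match

    def matches(self, direction, src_ip, src_port, dst_ip, dst_port):
        return (direction == self.direction
                and ip_address(src_ip) in self.src
                and ip_address(dst_ip) in self.dst
                and self.src_ports[0] <= src_port <= self.src_ports[1]
                and self.dst_ports[0] <= dst_port <= self.dst_ports[1])

def evaluate(rules, packet, default="pass"):
    """Return (action, rule name) for the first rule matching the packet."""
    for rule in rules:
        if rule.matches(*packet):
            return rule.action, rule.name
    return default, "default"  # assumed policy when nothing matches

def rdp_rules(src_ports=ANY_PORT):
    """The pass/block pair from the post; src_ports lets us model the misconfiguration."""
    vm = ip_network("10.0.0.220/32")
    rdp = (3389, 3389)
    return [
        Rule("allow-work", "WAN->LAN", ip_network(WORK_ADDR + "/32"), vm, src_ports, rdp, "pass"),
        Rule("block-rest", "WAN->LAN", ANY_NET, vm, src_ports, rdp, "block"),
    ]

if __name__ == "__main__":
    # Constructed packets: (direction, src ip, src port, dst ip, dst port), as seen after NAT.
    packets = [("WAN->LAN", WORK_ADDR, 51515, "10.0.0.220", 3389),
               ("WAN->LAN", "198.51.100.7", 40222, "10.0.0.220", 3389)]
    for pkt in packets:
        print("source port any :", pkt[1], evaluate(rdp_rules(), pkt))
        print("source port 3389:", pkt[1], evaluate(rdp_rules(src_ports=(3389, 3389)), pkt))
```

In this model a rule whose source-port or direction field does not match the packet is skipped, so the traffic falls through to the default action instead of reaching the block rule.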

07 Mar 2012 09:27 #71496 by scroucher
Replied by scroucher on topic Re: Filter rule does not block traffic
Hmm, just created this test rule:

Direction: LAN --> LAN
Source IP: 10.0.0.11
Destination IP: ANY
Service type: ANY
Filter: Block immediately

This blocks all traffic from the source listed to the internet, which is wrong in my opinion as the setting should be LAN --> WAN as it was in previous versions.

Steve

07 Mar 2012 09:31 #71497 by scroucher
Replied by scroucher on topic Re: Filter rule does not block traffic
Further playing suggests that ALL rules need to be set to LAN --> LAN even if they're coming from a public address to internal. Nice bug!

Steve

Moderators: Sami