Use Ethernet bridging Application blocks to block access to Applications and drop or reject SSH, NTP, or gaming traffic. If you have a Bridge interface that passes traffic through it, use this feature instead of Deep Packet Inspection (DPI) filtering.
A typical scenario for using this feature is when you don’t use Smoothwall as your Firewall and an Ethernet bridge passes traffic from a Smoothwall interface to one of your Firewall interfaces.
Before you begin
You must have:
- The Zone module installed to see the Ethernet bridging page.
- An interface with the Type set to Bridge on the Network > Configuration > Interfaces page.
Block a service
Add a block
- Go to Network > Firewall > Ethernet bridging.
- In the Application blocks section, you can see a list of Application Themes or select the + icon to see individual Applications within that Application Theme.
Important
If you only see File Transfer and Networking in the list, you aren’t licensed for Layer 7 Application Control. You can’t manage this from the Licenses or Modules pages, so contact your CSM.
- Select the checkboxes next to any combination of Themes or Applications.
- Select Save changes.
Remove a block
- Clear the checkbox for the individual Application or Application Theme.
- Select Save changes.
Managing exceptions to the block
Exceptions allow traffic through for Applications for specific Source IP addresses, IP ranges or subnets.
Add an exception
- Select Add new exception.
- Ensure Enabled is selected.
- Enter the Source IP to exempt from the block.
- (Optional) Add a comment.
- Select Add.
Edit an exception
- Hover over the exception.
- Select Edit.
- Edit as required.
- Select Save changes.
Remove an exception
To delete an exception:
- Hover over the exception.
- Select Delete.
- Select Delete again.
Alternatively, to keep an item in the list but have Smoothwall ignore it:
- Hover over the exception.
- Select Edit.
- Clear the Enabled checkbox.
- Select Save changes.