IP block rules are primarily intended to block hostile hosts, but you can also use them to isolate internal hosts, for example ones suspected of malware infection. The Firewall rules page determines how traffic is allowed through the Smoothwall.
- Go to Network > Firewall > Firewall rules.
- In the section where you wish to create the rule, hover over the section header, select Add rule, and choose whether the new rule goes at the top or bottom of the section. IP block rules are typically placed in a section near the top of the table, and at the top of that section. If you wish, create a new section for your rules by clicking Add section, then drag the sections to rearrange them.
- Create the firewall rule with the following settings (see the example at the bottom of this page):
- Enabled Tick this to enable or untick to disable the rule
- Name Give it a descriptive name to help others understand the rule at a later date
- Source IP addresses If you want to block traffic originating from specific addresses or subnets, select the address objects to block. If no object matches what you want to select, click the Create button to add one. To exempt an address from the block, use the Exclude button to exclude an IP address, IP address range, or IP address subnet; excluded addresses are not matched by the rule even if they fall inside a selected subnet.
- Inbound interfaces Select the interface or interfaces on which the traffic arrives - for traffic from the Internet this is usually your external interface - or leave empty for 'Any' to match all interfaces.
- The following sections are typically not needed to simply block source IP addresses, but are included for completeness:
- Destination IP addresses If you want to block traffic destined for specific addresses or subnets, select the address objects to block. If no object matches what you want to select, click the Create button to add one. To exempt a destination from the block, use the Exclude button to exclude an IP address, IP address range, or IP address subnet.
- Outbound interfaces Select the interface or interfaces through which the traffic leaves the Smoothwall, or leave empty for 'Any' to match all interfaces.
- Services If you want to block only specific ports, choose the service that represents those ports, or click Create to add a new service. Leave blank to match all ports.
- Applications If you have Layer 7 deep packet inspection licensed, you can block specific applications by their signature. Leave blank to match all applications.
- Groups If you use authentication in the firewall, you can select specific user groups to match in this rule. This typically applies only to traffic originating inside your network.
- Action From the drop-down list, select Drop to silently discard traffic from the source (the sender receives no response, as if the host were unreachable, and its connection attempts time out), or Reject to discard the traffic and send an ICMP destination-unreachable message back to the originating address, so the sender sees the connection refused immediately. Drop is the usual choice for hostile external hosts, since Reject confirms to the sender that a filtering device exists; Reject is often preferable when isolating an internal host, because its applications fail fast instead of hanging.
- Log Select to log matching network traffic to the Firewall log.
- Comment Add any additional notes you wish to record along with this rule
Tip: Rules in the Firewall rules table are applied top-down: the first rule that matches decides, and no later rule is consulted. Create a section at the top of the table specifically for your network-specific block rules, so that an allow rule further down cannot override them, and add the IP address block rule there. Ticking Log on the rule lets you confirm in the Firewall log that the expected traffic is actually being matched.
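The following Python script is an added illustration of the first-match behaviour described in the tip and of the Exclude option; it is not Smoothwall code and does not talk to a Smoothwall. It models a rule table as ordered sections of rules, evaluates a packet top-down, and shows that the same block rule is honoured when its section is at the top of the table but shadowed by an earlier allow rule when it is not. The interface names (eth0, eth1), rule names and all addresses (2.2.2.2, 198.51.100.0/24, 203.0.113.10) are constructed for the example.

```python
"""Added illustration of top-down, first-match firewall rule evaluation.

Not Smoothwall code: a small model used to show why block rules belong
in a section at the top of the table. All names and addresses are
constructed for the example.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Rule:
    name: str
    action: str                                   # "ACCEPT", "DROP" or "REJECT"
    src: List[str] = field(default_factory=list)  # CIDR strings; empty means Any
    src_exclude: List[str] = field(default_factory=list)  # the Exclude button
    dst: List[str] = field(default_factory=list)
    in_ifaces: List[str] = field(default_factory=list)    # empty means Any
    enabled: bool = True

    @staticmethod
    def _addr_matches(addr: str, nets: List[str], excludes: List[str]) -> bool:
        ip = ipaddress.ip_address(addr)
        # An excluded address never matches, even if it sits inside a selected subnet.
        if any(ip in ipaddress.ip_network(n) for n in excludes):
            return False
        return not nets or any(ip in ipaddress.ip_network(n) for n in nets)

    def matches(self, pkt: Dict[str, str]) -> bool:
        if not self.enabled:
            return False
        if self.in_ifaces and pkt["in_iface"] not in self.in_ifaces:
            return False
        if not self._addr_matches(pkt["src"], self.src, self.src_exclude):
            return False
        return self._addr_matches(pkt["dst"], self.dst, [])


Table = List[Tuple[str, List[Rule]]]  # ordered (section name, rules) pairs


def evaluate(table: Table, pkt: Dict[str, str], default: str = "DROP") -> Tuple[str, str]:
    """Walk the sections top-down; the first matching rule decides and nothing
    after it is consulted. Returns (action, 'section/rule') for the decision."""
    for section, rules in table:
        for rule in rules:
            if rule.matches(pkt):
                return rule.action, f"{section}/{rule.name}"
    return default, "default policy"


# Constructed rules. eth1 plays the role of the external interface.
BLOCK_HOST = Rule("Block 2.2.2.2", "DROP", src=["2.2.2.2/32"], in_ifaces=["eth1"])
BLOCK_RANGE = Rule("Block hostile range", "DROP",
                   src=["198.51.100.0/24"], src_exclude=["198.51.100.7/32"])
ALLOW_WEB = Rule("Allow inbound web", "ACCEPT",
                 dst=["203.0.113.10/32"], in_ifaces=["eth1"])

# Block section at the top, as the tip recommends.
GOOD_ORDER: Table = [("Block rules", [BLOCK_HOST, BLOCK_RANGE]),
                     ("Inbound services", [ALLOW_WEB])]
# Same rules, but the block section sits below the allow rule.
BAD_ORDER: Table = [("Inbound services", [ALLOW_WEB]),
                    ("Block rules", [BLOCK_HOST, BLOCK_RANGE])]

# Constructed packets: hostile host reaching the published web server.
HOSTILE_PKT = {"src": "2.2.2.2", "dst": "203.0.113.10", "in_iface": "eth1"}
EXEMPT_PKT = {"src": "198.51.100.7", "dst": "203.0.113.10", "in_iface": "eth1"}
RANGE_PKT = {"src": "198.51.100.9", "dst": "203.0.113.10", "in_iface": "eth1"}
INTERNAL_PKT = {"src": "2.2.2.2", "dst": "203.0.113.10", "in_iface": "eth0"}

if __name__ == "__main__":
    for label, table in (("block section first", GOOD_ORDER), ("allow rule first", BAD_ORDER)):
        print(f"{label}: hostile -> {evaluate(table, HOSTILE_PKT)}")
    print("excluded address ->", evaluate(GOOD_ORDER, EXEMPT_PKT))
    print("rest of range    ->", evaluate(GOOD_ORDER, RANGE_PKT))
    print("wrong interface  ->", evaluate(GOOD_ORDER, INTERNAL_PKT))
```

With the block section first, the hostile packet is dropped by "Block rules/Block 2.2.2.2"; with the allow rule first, the identical packet is accepted because evaluation stops at the first match and the block rule is never reached. The excluded address 198.51.100.7 passes the block rule and reaches the allow rule, while the rest of the range is dropped, and a packet arriving on eth0 misses both interface-specific rules and falls through to the default policy.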
Example
The rule below drops all traffic received on the external interface from the address 2.2.2.2.