DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Help - 2860 Firewall - Block everything(!) but 1 website

More
25 Sep 2020 22:54 #97264 by zoly
Hey Experts,

I need some help.
I want to block everything, I mean ALL packets (This is simple with the "Block Immediately") but then...
I would like to allow access to just one website.
All the usual tutorials etc. are using UCF/DNS filtering as such. Yes they do work but only limiting the web access.
Any other packets are in free flow. ie. FTP/SSH or anything really which is not HTTP/HTTPS.
Is there any way to do as above. All packets stop. only HTTP/s are allowed to 1 specific site?

Thank you for your thoughts...

Please Log in or Create an account to join the conversation.

More
26 Sep 2020 03:27 #97266 by hornbyp
You can accomplish this with the "Firewall".

A couple of variations on a theme are possible.

I would set the "Start Filter" in "Data Filter" to be "Set#1" (Firewall>>General Setup) and
then add rules to 'Set 1' (Firewall>>Filter Setup).

Edit this 'set' so it has two rules. (Firewall >>Filter Setup>>Edit Filter Set)
Rule 1 would be "Any" for everything and "Block if no further Match"
Rule 2 would be the specific traffic you want to allow (using IP addresses)

(Change Next Filter Set to "none")

(You can probably achieve something similar using Firewall>>General Setup>>Default Rule - but I've not used it.)

If you set the "[ ]Syslog" flag for your rules (and configure a Syslog Daemon somewhere), you can watch the firewall in action.

I should imagine you'll end up allowing more traffic than you anticipate - DNS for example?

Please Log in or Create an account to join the conversation.

More
26 Sep 2020 11:00 #97270 by zoly
Thank you.

A bit better but still, I can access any websites (and not talking about ftp etc.) on non standard ports.
Ok.. Here it is what I'd like to achive.
Access only to google, gmail and google classroom.
Only http / https to the above sites and block totaly everything else.
No access to any other services, websites on non standard ports, no youtube, ftp etc.
I can do this easily on sophos UTM. but I'm trying to reduce the number of equipments.
I can't believe it is not possible on Draytek...

Please Log in or Create an account to join the conversation.

More
26 Sep 2020 19:03 #97276 by hornbyp

zoly wrote:
A bit better but still, I can access any websites (and not talking about ftp etc.) on non standard ports.



When Rule 1 is created (Block everything if no further match), nothing is allowed out (unless it originates at the Draytek itself). Then you choose what is allowed and add it/them to Rule 2 (and probably) subsequent rules.


Here it is what I'd like to achive.
Access only to google, gmail and google classroom.
Only http / https to the above sites and block totally everything else.



So you need to find the corresponding IP addresses for these sites, and add "allow" rules to the filter set (specifying ports 80 & 443) only. Until you do so, they will not be accessible either. Nothing will be...

Please Log in or Create an account to join the conversation.

More
29 Sep 2020 02:41 #97282 by johngalt
Suggested to try following:

1. In URL content filter profile, the URL access control section has an "Action" dropdown, choose "Pass", and create the URL that you wish to pass in the object

2. Apply this URL content filter along with DNS Filter into Firewall filter rule

3. in Firewall > General Setup > Default Rule, select block by default. This will block all traffics unless matching the pass rule you create in filter rule with the URL object.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami