Block all websites except 1 on a USG-3P firewall


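I am trying to block all web traffic (HTTP and HTTPS) for computers on our network, except for 1 website. I am using a USG-3P and have added the following 2 rules to the firewall rules (in order):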

Internet In, Before Predefined Rules, Accept, All IPv4 Protocol
Source Type Port/IP Group, IPv4 Address Group [WEBSITE IP ADDRESS], Port Group "Web" [80, 443]
Destination Type IP Address IPv4 Address [MACHINE LOCAL IP ADDRESS]

Internet In, Before Predefined Rules, Reject, All IPv4 Protocol
Source Type Port/IP Group, IPv4 Address Group Any, Port Group "Web" [80, 443]
Destination Type IP Address IPv4 Address [MACHINE LOCAL IP ADDRESS]

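This doesn't seem to work. Does anyone have any ideas? I am just trying to block all web traffic for a single computer on the network, except for 1 website.

Thanks.

Answer 1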

    Rule 1 (Allow access to specific website):
    Action: Accept
    Source: IPv4 Address Group [WEBSITE IP ADDRESS], Port Group "Web" [80, 443]
    Destination: IPv4 Address [MACHINE LOCAL IP ADDRESS]
    Rule 2 (Block all other web traffic): 
    Action: Drop
    Source: Any
    Destination: IPv4 Address [MACHINE LOCAL IP ADDRESS], Port Group "Web" [80, 443]

Make sure the Accept rule takes priority over the Drop rule.


I think you should do it like the above.
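Why the order of the two rules matters, as an added example that is not part of the original post or of the USG's own software: a small first-match evaluator run over the question's Accept and Reject rules in both orders. It assumes rules are checked top-down and the first match decides; the IP addresses are constructed stand-ins for the placeholders on the page, and the model covers rule ordering only, not connection state or interface direction.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                      # "accept" or "reject"
    src_net: str                     # "0.0.0.0/0" stands for Any
    src_ports: Optional[frozenset]   # None means any source port
    dst_net: str

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str

WEB = frozenset({80, 443})           # the "Web" port group from the question
SITE = "203.0.113.10/32"             # constructed stand-in for [WEBSITE IP ADDRESS]
HOST = "192.168.1.50/32"             # constructed stand-in for [MACHINE LOCAL IP ADDRESS]

ACCEPT_SITE = Rule("accept", SITE, WEB, HOST)
REJECT_WEB = Rule("reject", "0.0.0.0/0", WEB, HOST)

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when source address, source port and destination all match."""
    return (ip_address(pkt.src) in ip_network(rule.src_net)
            and ip_address(pkt.dst) in ip_network(rule.dst_net)
            and (rule.src_ports is None or pkt.sport in rule.src_ports))

def evaluate(rules, pkt: Packet) -> str:
    """Return the action of the first matching rule (assumed first-match-wins)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "fall-through"            # no match: left to the predefined rules

def verdicts(rules) -> dict:
    """Evaluate three constructed sample packets against an ordered rule list."""
    samples = {
        "allowed site": Packet("203.0.113.10", 443, "192.168.1.50"),
        "other site": Packet("198.51.100.7", 443, "192.168.1.50"),
        "non-web": Packet("198.51.100.7", 53, "192.168.1.50"),
    }
    return {name: evaluate(rules, pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    print("accept first:", verdicts([ACCEPT_SITE, REJECT_WEB]))
    print("reject first:", verdicts([REJECT_WEB, ACCEPT_SITE]))
```

With the Reject rule listed first, the broader "Any" source shadows the Accept rule and the allowed site is rejected along with everything else.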
