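I'm trying to block all web traffic (HTTP and HTTPS) for a computer on our network, except for 1 website. I'm using a USG-3P and have added the following 2 rules to the firewall rules (in order):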
Internet In, Before Predefined Rules, Accept, All IPv4 Protocol
Source Type Port/IP Group, IPv4 Address Group [WEBSITE IP ADDRESS], Port Group "Web" [80, 443]
Destination Type IP Address IPv4 Address [MACHINE LOCAL IP ADDRESS]
Internet In, Before Predefined Rules, Reject, All IPv4 Protocol
Source Type Port/IP Group, IPv4 Address Group Any, Port Group "Web" [80, 443]
Destination Type IP Address IPv4 Address [MACHINE LOCAL IP ADDRESS]
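This doesn't seem to work. Does anyone have any ideas? I'm just trying to completely block all web traffic for a single computer on the network, except for 1 website.
Thanks.
Answer 1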
Rule 1 (Allow access to specific website):
Action: Accept
Source: IPv4 Address Group [WEBSITE IP ADDRESS], Port Group "Web" [80, 443]
Destination: IPv4 Address [MACHINE LOCAL IP ADDRESS]
Rule 2 (Block all other web traffic):
Action: Drop
Source: Any
Destination: IPv4 Address [MACHINE LOCAL IP ADDRESS], Port Group "Web" [80, 443]
Make sure the accept takes precedence over the drop.
I think you should do it as shown above.
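
The ordering point made in the answer above, as an added example (not part of the original post and not UniFi code): a minimal first-match evaluator run over the two rules from the question, in both orders. It assumes rules are checked top-down with the first match deciding; the IP addresses, the `Rule` class and the `default` action are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed placeholders standing in for [WEBSITE IP ADDRESS] and
# [MACHINE LOCAL IP ADDRESS] from the post.
WEBSITE = "203.0.113.10"
MACHINE = "192.168.1.50"
WEB_PORTS = frozenset({80, 443})         # the "Web" port group

@dataclass(frozen=True)
class Rule:
    action: str                          # "accept" or "reject"
    src: str                             # CIDR; "0.0.0.0/0" means Any
    dst: str
    src_ports: frozenset = frozenset()   # empty set means any port

    def matches(self, src_ip, src_port, dst_ip):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (not self.src_ports or src_port in self.src_ports))

def evaluate(rules, src_ip, src_port, dst_ip, default="accept"):
    """Assumed model: rules are checked top-down, the first match decides."""
    for rule in rules:
        if rule.matches(src_ip, src_port, dst_ip):
            return rule.action
    return default                       # hypothetical fall-through action

ALLOW_SITE = Rule("accept", WEBSITE + "/32", MACHINE + "/32", WEB_PORTS)
BLOCK_WEB = Rule("reject", "0.0.0.0/0", MACHINE + "/32", WEB_PORTS)

def verdicts(rules):
    """Verdicts for reply packets from the allowed site and from another site."""
    other_site = "198.51.100.7"          # constructed address
    return {
        "allowed_site": evaluate(rules, WEBSITE, 443, MACHINE),
        "other_site": evaluate(rules, other_site, 443, MACHINE),
    }

if __name__ == "__main__":
    print("accept first:", verdicts([ALLOW_SITE, BLOCK_WEB]))
    print("reject first:", verdicts([BLOCK_WEB, ALLOW_SITE]))
```

With the reject rule first, the allowed website's packets hit the Any-source match before the accept rule is ever reached.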