Subject: Firewall problem

Hello,
I have a problem with the firewall. I set up restrictions for a given MAC address, but unfortunately the blocking function doesn't work. If I block a given IP address, the blocking starts working. I don't know why this happens. I wanted to edit the firewall settings, but I can't find the directory with the files. According to the manual they should be in /etc/config/firewall. Please help.

2

Re: Firewall problem

It is exactly in /etc/config/firewall.

Show the output of

uci show firewall

Got a router you don't need, broken or not? I'll gladly take it in.

3

Re: Firewall problem

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@include[0].reload='1'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[1]=include
firewall.@include[1].type='script'
firewall.@include[1].path='/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
firewall.@include[1].family='IPv4'
firewall.@include[1].reload='1'
firewall.miniupnpd=include
firewall.miniupnpd.type='script'
firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
firewall.miniupnpd.family='any'
firewall.miniupnpd.reload='1'
firewall.openvpn_include_file=include
firewall.openvpn_include_file.path='/etc/openvpn.firewall'
firewall.openvpn_include_file.reload='1'
firewall.vpn_zone=zone
firewall.vpn_zone.name='vpn'
firewall.vpn_zone.network='vpn'
firewall.vpn_zone.input='ACCEPT'
firewall.vpn_zone.output='ACCEPT'
firewall.vpn_zone.forward='ACCEPT'
firewall.vpn_zone.mtu_fix='1'
firewall.vpn_zone.masq='1'
firewall.vpn_lan_forwarding=forwarding
firewall.vpn_lan_forwarding.src='lan'
firewall.vpn_lan_forwarding.dest='vpn'
firewall.lan_vpn_forwarding=forwarding
firewall.lan_vpn_forwarding.src='vpn'
firewall.lan_vpn_forwarding.dest='lan'
firewall.ra_openvpn=remote_accept
firewall.ra_openvpn.zone='wan'
firewall.ra_openvpn.local_port='1194'
firewall.ra_openvpn.remote_port='1194'
firewall.ra_openvpn.proto='udp'
firewall.vpn_wan_forwarding=forwarding
firewall.vpn_wan_forwarding.src='vpn'
firewall.vpn_wan_forwarding.dest='wan'
firewall.wan_ftp_server_command=remote_accept
firewall.wan_ftp_server_command.proto='tcp'
firewall.wan_ftp_server_command.zone='wan'
firewall.wan_ftp_server_command.local_port='21'
firewall.wan_ftp_server_command.remote_port='21'
firewall.wan_ftp_server_pasv=remote_accept
firewall.wan_ftp_server_pasv.proto='tcp'
firewall.wan_ftp_server_pasv.zone='wan'
firewall.wan_ftp_server_pasv.start_port='50990'
firewall.wan_ftp_server_pasv.end_port='50999'
firewall.@rule[9]=rule
firewall.@rule[9].name='oscam'
firewall.@rule[9].src='wan'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].proto='tcp'
firewall.@rule[9].dest_port='10560'
firewall.redirect_enabled_number_0=redirect
firewall.redirect_enabled_number_0.name='owncloud'
firewall.redirect_enabled_number_0.src='wan'
firewall.redirect_enabled_number_0.dest='lan'
firewall.redirect_enabled_number_0.proto='tcp'
firewall.redirect_enabled_number_0.src_dport='8443'
firewall.redirect_enabled_number_0.dest_ip='192.168.1.111'
firewall.redirect_enabled_number_0.dest_port='8222'
firewall.redirect_enabled_number_1=redirect
firewall.redirect_enabled_number_1.name='owncloud'
firewall.redirect_enabled_number_1.src='wan'
firewall.redirect_enabled_number_1.dest='lan'
firewall.redirect_enabled_number_1.proto='udp'
firewall.redirect_enabled_number_1.src_dport='8222'
firewall.redirect_enabled_number_1.dest_ip='192.168.1.111'
firewall.redirect_enabled_number_1.dest_port='8222'
firewall.redirect_enabled_number_2=redirect
firewall.redirect_enabled_number_2.name='owncloud80'
firewall.redirect_enabled_number_2.src='wan'
firewall.redirect_enabled_number_2.dest='lan'
firewall.redirect_enabled_number_2.proto='tcp'
firewall.redirect_enabled_number_2.src_dport='90'
firewall.redirect_enabled_number_2.dest_ip='192.168.1.120'
firewall.redirect_enabled_number_2.dest_port='90'
firewall.redirect_enabled_number_3=redirect
firewall.redirect_enabled_number_3.name='owncloud80'
firewall.redirect_enabled_number_3.src='wan'
firewall.redirect_enabled_number_3.dest='lan'
firewall.redirect_enabled_number_3.proto='udp'
firewall.redirect_enabled_number_3.src_dport='90'
firewall.redirect_enabled_number_3.dest_ip='192.168.1.120'
firewall.redirect_enabled_number_3.dest_port='90'
firewall.redirect_disabled_number_0=redirect_disabled
firewall.redirect_disabled_number_0.name='dreambox'
firewall.redirect_disabled_number_0.src='wan'
firewall.redirect_disabled_number_0.dest='lan'
firewall.redirect_disabled_number_0.proto='tcp'
firewall.redirect_disabled_number_0.src_dport='10661'
firewall.redirect_disabled_number_0.dest_ip='192.168.1.1'
firewall.redirect_disabled_number_0.dest_port='10661'
firewall.redirect_disabled_number_1=redirect_disabled
firewall.redirect_disabled_number_1.name='dreambox'
firewall.redirect_disabled_number_1.src='wan'
firewall.redirect_disabled_number_1.dest='lan'
firewall.redirect_disabled_number_1.proto='udp'
firewall.redirect_disabled_number_1.src_dport='10661'
firewall.redirect_disabled_number_1.dest_ip='192.168.1.1'
firewall.redirect_disabled_number_1.dest_port='10661'
firewall.redirect_enabled_number_4=redirect
firewall.redirect_enabled_number_4.name='owncloud https'
firewall.redirect_enabled_number_4.src='wan'
firewall.redirect_enabled_number_4.dest='lan'
firewall.redirect_enabled_number_4.proto='tcp'
firewall.redirect_enabled_number_4.src_dport='445'
firewall.redirect_enabled_number_4.dest_ip='192.168.1.111'
firewall.redirect_enabled_number_4.dest_port='445'
firewall.redirect_enabled_number_5=redirect
firewall.redirect_enabled_number_5.name='owncloud https'
firewall.redirect_enabled_number_5.src='wan'
firewall.redirect_enabled_number_5.dest='lan'
firewall.redirect_enabled_number_5.proto='udp'
firewall.redirect_enabled_number_5.src_dport='445'
firewall.redirect_enabled_number_5.dest_ip='192.168.1.111'
firewall.redirect_enabled_number_5.dest_port='445'
firewall.redirect_enabled_number_6=redirect
firewall.redirect_enabled_number_6.name='ftp'
firewall.redirect_enabled_number_6.src='wan'
firewall.redirect_enabled_number_6.dest='lan'
firewall.redirect_enabled_number_6.proto='tcp'
firewall.redirect_enabled_number_6.src_dport='5050-5080'
firewall.redirect_enabled_number_6.dest_port='5050-5080'
firewall.redirect_enabled_number_6.dest_ip='192.168.1.20'
firewall.redirect_enabled_number_7=redirect
firewall.redirect_enabled_number_7.name='ftp'
firewall.redirect_enabled_number_7.src='wan'
firewall.redirect_enabled_number_7.dest='lan'
firewall.redirect_enabled_number_7.proto='udp'
firewall.redirect_enabled_number_7.src_dport='5050-5080'
firewall.redirect_enabled_number_7.dest_port='5050-5080'
firewall.redirect_enabled_number_7.dest_ip='192.168.1.20'
firewall.rule_2=restriction_rule
firewall.rule_2.is_ingress='0'
firewall.rule_2.description='Lila tablet Alcatel'
firewall.rule_2.local_addr='B0:E0:3C:6D:50:8C'
firewall.rule_2.enabled='0'
firewall.rule_6=restriction_rule
firewall.rule_6.is_ingress='0'
firewall.rule_6.description='Telewizor LG'
firewall.rule_6.local_addr='E8:F2:E2:18:4D:6A'
firewall.rule_6.enabled='0'
firewall.rule_5=restriction_rule
firewall.rule_5.is_ingress='0'
firewall.rule_5.description='Franek Xiaomi 4x'
firewall.rule_5.local_addr='192.168.1.195'
firewall.rule_5.enabled='1'
firewall.rule_1=restriction_rule
firewall.rule_1.is_ingress='0'
firewall.rule_1.description='PLaystation 4'
firewall.rule_1.local_addr='192.168.1.190'
firewall.rule_1.enabled='1'
firewall.exception_2=whitelist_rule
firewall.exception_2.is_ingress='0'
firewall.exception_2.description='Po godzinie 16'
firewall.exception_2.active_weekdays='mon,tue,wed,thu,fri'
firewall.exception_2.active_hours='16:00-00:00'
firewall.exception_2.enabled='0'
firewall.exception_3=whitelist_rule
firewall.exception_3.is_ingress='0'
firewall.exception_3.description='Dostęp weekend'
firewall.exception_3.local_addr='192.168.1.190,192.168.1.195'
firewall.exception_3.active_weekdays='sun,fri,sat'
firewall.exception_3.enabled='0'
firewall.exception_1=whitelist_rule
firewall.exception_1.is_ingress='0'
firewall.exception_1.description='Playstation 4 dostęp'
firewall.exception_1.local_addr='192.168.1.190'
firewall.exception_1.active_weekdays='sun,sat'
firewall.exception_1.active_hours='11:00-13:00, 16:00-18:00'
firewall.exception_1.enabled='0'
firewall.exception_4=whitelist_rule
firewall.exception_4.is_ingress='0'
firewall.exception_4.description='Wakacje'
firewall.exception_4.local_addr='192.168.1.190,192.168.1.195'
firewall.exception_4.active_hours='08:00-21:00'
firewall.exception_4.enabled='1'

4

Re: Firewall problem

So you do have the firewall in that place. You didn't mention the most important thing: you're using Gargoyle. Which version?

Which of the rules above doesn't work?


5

Re: Firewall problem

Right, I forgot about that. The blocking rule for the PlayStation 4 doesn't work if I enter the MAC address.

6

Re: Firewall problem

Create that rule and show the firewall.

Once more: which Gargoyle version? Does blocking by MAC work for other hosts?


7

Re: Firewall problem

Gargoyle version 1.9.0.3 (r49208). Right, I forgot to add the software.

firewall.rule_2=restriction_rule
firewall.rule_2.is_ingress='0'
firewall.rule_2.description='Lila tablet Alcatel'
firewall.rule_2.local_addr='B0:E0:3C:6D:50:8C'
firewall.rule_2.enabled='0'
firewall.rule_6=restriction_rule
firewall.rule_6.is_ingress='0'
firewall.rule_6.description='Telewizor LG'
firewall.rule_6.local_addr='E8:F2:E2:18:4D:6A'
firewall.rule_6.enabled='0'
firewall.rule_5=restriction_rule
firewall.rule_5.is_ingress='0'
firewall.rule_5.description='Franek Xiaomi 4x'
firewall.rule_5.local_addr='192.168.1.195'
firewall.rule_5.enabled='1'
firewall.rule_1=restriction_rule
firewall.rule_1.is_ingress='0'
firewall.rule_1.description='PLaystation 4'
firewall.rule_1.local_addr='28:56:5A:F9:17:1B'
firewall.rule_1.enabled='1'
firewall.exception_2=whitelist_rule
firewall.exception_2.is_ingress='0'
firewall.exception_2.description='Po godzinie 16'
firewall.exception_2.active_weekdays='mon,tue,wed,thu,fri'
firewall.exception_2.active_hours='16:00-00:00'
firewall.exception_2.enabled='0'
firewall.exception_3=whitelist_rule
firewall.exception_3.is_ingress='0'
firewall.exception_3.description='Dostęp weekend'
firewall.exception_3.local_addr='192.168.1.190,192.168.1.195'
firewall.exception_3.active_weekdays='sun,fri,sat'
firewall.exception_3.enabled='0'
firewall.exception_1=whitelist_rule
firewall.exception_1.is_ingress='0'
firewall.exception_1.description='Playstation 4 dostęp'
firewall.exception_1.local_addr='192.168.1.190'
firewall.exception_1.active_weekdays='sun,sat'
firewall.exception_1.active_hours='11:00-13:00, 16:00-18:00'
firewall.exception_1.enabled='0'
firewall.exception_4=whitelist_rule
firewall.exception_4.is_ingress='0'
firewall.exception_4.description='Wakacje'
firewall.exception_4.local_addr='192.168.1.190,192.168.1.195'
firewall.exception_4.active_hours='08:00-21:00'
firewall.exception_4.enabled='0'

8

Re: Firewall problem

1. You're using an old version, install the current one.
2. I checked these rules on my own setup and they work; after entering the MAC, access to websites gets blocked. Are you sure about that MAC address? Check on the Status / Connected Devices tab whether the PS4 has exactly that MAC address.


9

Re: Firewall problem

I'm sure. I checked it physically on the device. Upgrading is a longer process. I have to install the software from scratch, and right now I have oscam and don't want to set everything up again. We talked about this once. Below I'm pasting an excerpt from the connected devices. Can't I upgrade without losing the settings?
Playstation    192.168.1.190    28:56:5A:F9:17:1B    8h 16m
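As an added example (not from the thread or from Gargoyle itself), a POSIX shell script for the check suggested in post 8: it cross-references every enabled restriction_rule from `uci show firewall` against the router's /proc/net/arp table and flags any local_addr that no connected device currently has. Both inputs are constructed samples that mirror the thread's values; on the router you would feed the real command outputs in.

```shell
#!/bin/sh
# Constructed sample of `uci show firewall` restriction rules (mirrors the thread).
# On the router: UCI_DUMP=$(uci show firewall); ARP_TABLE=$(cat /proc/net/arp)
UCI_DUMP="firewall.rule_1=restriction_rule
firewall.rule_1.description='PLaystation 4'
firewall.rule_1.local_addr='28:56:5A:F9:17:1B'
firewall.rule_1.enabled='1'
firewall.rule_5=restriction_rule
firewall.rule_5.local_addr='192.168.1.195'
firewall.rule_5.enabled='1'
firewall.rule_6=restriction_rule
firewall.rule_6.local_addr='E8:F2:E2:18:4D:6A'
firewall.rule_6.enabled='1'"
# Constructed /proc/net/arp table: the kernel prints MACs in lower case while
# Gargoyle stores them as typed, so the comparison below is case-insensitive.
ARP_TABLE="IP address       HW type  Flags  HW address         Mask  Device
192.168.1.190    0x1      0x2    28:56:5a:f9:17:1b  *     br-lan
192.168.1.195    0x1      0x2    64:cc:2e:11:22:33  *     br-lan"

# check_rules UCI_DUMP ARP_TABLE: prints "<section> <local_addr> MATCH|NO-MATCH"
# for every enabled restriction_rule; a comma list must match on every entry.
check_rules() {
    printf '%s\n' "$1" | awk -v arp="$2" '
    BEGIN {                                   # index every connected IP and MAC
        n = split(arp, lines, "\n")
        for (i = 2; i <= n; i++) {            # line 1 is the column header
            split(lines[i], f, " ")
            seen[f[1]] = 1; seen[tolower(f[4])] = 1
        }
    }
    /^firewall\.[^.=]+=restriction_rule$/ {   # remember section order
        sec = $0; sub(/^firewall\./, "", sec); sub(/=.*/, "", sec)
        order[++cnt] = sec
    }
    /^firewall\.[^.]+\.(local_addr|enabled)=/ {
        sec = $0; sub(/^firewall\./, "", sec); sub(/\..*/, "", sec)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/[^0-9A-Za-z:.,]/, "", val)
        if ($0 ~ /\.enabled=/) en[sec] = val; else addr[sec] = val
    }
    END {
        for (i = 1; i <= cnt; i++) {
            sec = order[i]
            if (en[sec] != "1") continue      # disabled rules cannot be the culprit
            m = split(addr[sec], a, ","); status = "MATCH"
            for (j = 1; j <= m; j++) if (!(tolower(a[j]) in seen)) status = "NO-MATCH"
            printf "%s %s %s\n", sec, addr[sec], status
        }
    }'
}
check_rules "$UCI_DUMP" "$ARP_TABLE"
```

A NO-MATCH line means the rule is bound to an address the router does not see on any connected device, which is exactly the mistyped-MAC case post 8 asks about; rule_6 shows it here because the constructed table has no entry for the TV.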

10

Re: Firewall problem

You shouldn't do the upgrade keeping the configuration. It's too big a jump.


11

Re: Firewall problem

Sorry, I didn't understand. So can I do the upgrade keeping the settings, or do I have to set everything up again from scratch?
And I have one more small question. Is there an option in Gargoyle to set a time limit on network access for a given device? What I mean is that my son should have a limit on internet use, e.g. 2 hours per day.

12

Re: Firewall problem

No, there is no cumulative time limit. You can build one yourself (http://eko.one.pl/?p=openwrt-blokady)

No, do the upgrade without keeping the configuration and set everything up again manually.


13

Re: Firewall problem

Pity I can't do the upgrade. One day I'll have to sit down to it. Thanks a lot for the help, I won't bother you any further.