Blocked IP not blocking

Hello,

I have created a simple rule, to block a device from accessing the internet.
Only NTP shall be allowed. For DNS, only IPFire's built-in DNS server is allowed.

Now, the way I understand the logs, this IP 192.168.77.230 does not get blocked:

First I thought it’s a long session that would just continue, but I can’t see anything with
conntrack -L -s 192.168.77.230

Do I still have a knot in my brain, or is really something not working?

Regards

Usually the logs show the blocked accesses.
So your rules should be working.
You can check that by looking at the iptables rules in Firewall → iptables, section FORWARDFW.

Oh, I see…

but it rather seems to me that everything is logged that hits a rule, i.e.

[user@host:~]$ date +%T ; telnet 193.99.144.80 443
23:24:15
Trying 193.99.144.80...
Connected to 193.99.144.80.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[user@host:~]$ date +%T ; telnet 8.8.4.4 443
23:24:24
Trying 8.8.4.4...
^C

(I do block the Google DNS servers…)

Do I interpret that right? If so, is there any way to distinguish between blocked and allowed traffic?

Regards
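The telnet session above reads the result by eye (connected, or hanging until Ctrl-C). As an added example that is not part of the original post, the Python probe below classifies one TCP connection attempt from the client side so that a block rule can be verified without opening the firewall log. Host, port and timeout are whatever you pass in; `verify_probe_locally` is an assumed self-check that runs the probe against a loopback listener so the script works offline.

```python
"""Client-side probe for verifying a firewall block rule.

A REJECT rule (ICMP port-unreachable or TCP reset) surfaces to the client as
"connection refused", exactly like a closed port would; a DROP rule surfaces
as a timeout, exactly like a dead host would. The probe therefore reports the
observable outcome and leaves the rule/host distinction to the firewall log.
"""
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP connect and return one of
    'open', 'refused', 'timeout' or 'unreachable'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        # Typical signature of a DROP rule (or a silent host).
        return "timeout"
    except ConnectionRefusedError:
        # Typical signature of a REJECT rule (or a closed port).
        return "refused"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def verify_probe_locally():
    """Self-check (assumed helper, not from the thread): probe a loopback
    listener while it is open and again after it is closed. Returns the two
    outcomes, expected to be ('open', 'refused')."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the kernel choose a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port, timeout=2.0)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port, timeout=2.0)
    return while_open, after_close


if __name__ == "__main__":
    # Constructed targets from the thread: the allowed host and a blocked Google DNS server.
    for target in (("193.99.144.80", 443), ("8.8.4.4", 443)):
        print(target, probe_tcp(*target))
    print("self-check:", verify_probe_locally())
```

Run it on the device the rule applies to: "refused" for a destination you block points at a REJECT rule (the REJECT_FORWARD entries discussed later in the thread), "timeout" at a DROP rule, and "open" means the packet was forwarded, whatever the log prefix says.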

Have you seen this?
I do this for DNS and NTP.
Works great.


@matthaesius , that’s right!
If you tick the ‘Log’ check box for blocking rules only, only those are logged. Your rules 1 and 3 are allow rules, for example.

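The point of the answer above is that a log line carrying only the chain name (FORWARDFW) can come from an allow rule or a block rule, while the policy prefixes (REJECT_*, DROP_*) always mean the packet was blocked. As an added example that is not part of the original thread, the Python script below parses netfilter LOG lines in the format IPFire writes to /var/log/messages and keeps the two cases apart. The sample lines, the interface names green0/red0 and the destination 203.0.113.10 are constructed for the demonstration; the prefix names FORWARDFW and REJECT_FORWARD are the ones the thread mentions, DROP_INPUT is assumed.

```python
"""Separate known-verdict firewall log entries from rule hits whose verdict
the log line alone does not reveal."""
import re
from collections import Counter

# Constructed sample in the kernel LOG format (fields trimmed on some lines).
SAMPLE_LOG = """\
Jan 10 23:24:15 ipfire kernel: FORWARDFW IN=green0 OUT=red0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.77.230 DST=193.99.144.80 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 23:24:24 ipfire kernel: FORWARDFW IN=green0 OUT=red0 SRC=192.168.77.230 DST=8.8.4.4 PROTO=TCP SPT=51235 DPT=443
Jan 10 23:24:30 ipfire kernel: REJECT_FORWARD IN=green0 OUT=red0 SRC=192.168.77.230 DST=203.0.113.10 PROTO=TCP SPT=51236 DPT=443
Jan 10 23:25:01 ipfire kernel: FORWARDFW IN=green0 OUT=red0 SRC=192.168.77.230 DST=192.168.77.1 PROTO=UDP SPT=123 DPT=123
Jan 10 23:25:07 ipfire kernel: DROP_INPUT IN=green0 OUT= SRC=192.168.77.50 DST=192.168.77.1 PROTO=TCP SPT=40000 DPT=22
Jan 10 23:25:09 ipfire sshd[1234]: Accepted publickey for root from 192.168.77.10
"""

# Prefix, interfaces, addresses, protocol and (optional) destination port.
LINE_RE = re.compile(
    r"kernel:\s+(?P<prefix>\S+)\s+IN=(?P<in>\S*)\s+OUT=(?P<out>\S*)"
    r".*?\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r".*?\bPROTO=(?P<proto>\S+)"
    r"(?:.*?\bDPT=(?P<dpt>\d+))?"
)

UNKNOWN = "rule-hit (verdict not in log)"


def classify_prefix(prefix):
    """DROP_*/REJECT_* prefixes are written by blocking chains. A bare chain
    name such as FORWARDFW is written by any rule with 'Log' ticked, so the
    line alone does not say whether the rule accepted or blocked."""
    if prefix.startswith(("DROP_", "REJECT_")):
        return "blocked"
    return UNKNOWN


def parse_line(line):
    """Return a dict for a firewall LOG line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["verdict"] = classify_prefix(rec["prefix"])
    return rec


def summarize(text, src_filter=None):
    """Count (verdict, dst, proto, dpt) for each log line, optionally for a
    single source address such as the device the rule is meant to block."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or (src_filter and rec["src"] != src_filter):
            continue
        counts[(rec["verdict"], rec["dst"], rec["proto"], rec["dpt"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG, "192.168.77.230").items()):
        print(n, *key)
```

Pointing the script at the real log (for example `summarize(open("/var/log/messages").read(), "192.168.77.230")`) shows at a glance which entries are definitely blocked and which ones only prove that a logging rule matched; for the latter group the verdict has to come from the rule itself, which is why ticking 'Log' on block rules only makes the log unambiguous.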

Cool, didn’t know that one :grinning:

Ok, got it. :slightly_smiling_face:
Now one (final) question,
when would a message like that show up? (the REJECT_FORWARD ones)

(That’s Google by the way :face_with_raised_eyebrow:)

@matthaesius
Sorry for the late reply.

You can list your iptables rules with getipstat with parameters

  • -f … table filter
  • -m … table mangle
  • -n … table nat

from a shell. This should show the rule which generates the REJECT_FORWARD label.