I have created a simple rule to block a device from accessing the internet.
Only NTP shall be allowed. As DNS, only IPFire's inbuilt DNS server is allowed.

Now, the way I understand the logs is that this IP does not get blocked:

First I thought it’s a long session that would just continue, but I can’t see anything with
conntrack -L -s

Do I still have a knot in my brain, or is really something not working?


Usually the logs show the blocked accesses.
So your rules should be working.
You can check that, if you look at the iptables rules in Firewall → iptables, section FORWARDFW.

Oh, I see…

but it rather seems to me that everything's logged that hits a rule, i.e.

[user@host:~]$ date +%T ; telnet 443
Connected to
Escape character is '^]'.
telnet> quit
Connection closed.
[user@host:~]$ date +%T ; telnet 443

(I do block the Google DNS servers…)

Do I interpret that right? If so, is there any way to distinguish between blocked and allowed traffic?


Have you seen this?
I do this for DNS and NTP.
Works great.


@matthaesius , that’s right!
If you tick the ‘Log’ check box for blocking rules only, only those are logged. Your rules 1 and 3 are allow rules, for example.

Cool, didn’t know that one :grinning:

Ok, got it. :slightly_smiling_face:
Now one (final) question:
when would a message like that show up (the REJECT_FORWARD ones)?

(That’s Google by the way :face_with_raised_eyebrow:)

Sorry for the late reply.

You can list your iptables rules with getipstat with parameters

  • -f … table filter
  • -m … table mangle
  • -n … table nat

from a shell. This should show the rule which generates the REJECT_FORWARD label.
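To answer the earlier question of telling blocked from allowed traffic once both kinds of rules have logging enabled, here is an added example (not from the thread or from IPFire itself) that sorts netfilter LOG lines by their prefix. The log lines are constructed; only the REJECT_FORWARD prefix comes from the thread, the EXAMPLE_ALLOW prefix, addresses and interface names are made up.

```shell
#!/bin/sh
# Constructed sample of syslog lines as written by netfilter LOG targets.
# REJECT_FORWARD is the prefix seen in the thread; EXAMPLE_ALLOW stands for
# a user rule that allows traffic but still has its "Log" box ticked.
SAMPLE_LOG='Jun  1 10:00:01 ipfire kernel: REJECT_FORWARD IN=green0 OUT=red0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=443
Jun  1 10:00:02 ipfire kernel: EXAMPLE_ALLOW IN=green0 OUT=red0 SRC=192.0.2.10 DST=203.0.113.1 PROTO=UDP SPT=123 DPT=123
Jun  1 10:00:03 ipfire kernel: REJECT_FORWARD IN=green0 OUT=red0 SRC=192.0.2.10 DST=203.0.113.53 PROTO=UDP SPT=40000 DPT=53'

# Count log lines per LOG prefix (the first word after "kernel:").
# Prints "<prefix> <count>", one line per prefix, sorted by prefix.
count_by_prefix() {
  awk '/ kernel: / { split($0, a, " kernel: "); split(a[2], b, " "); c[b[1]]++ }
       END { for (p in c) print p, c[p] }' | sort
}

# Print "SRC DST DPT" for every line carrying the given prefix,
# e.g. hits_for_prefix REJECT_FORWARD shows what the reject rule caught.
hits_for_prefix() {
  prefix="$1"
  awk -v p="$prefix" '
    index($0, " kernel: " p " ") {
      src = ""; dst = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "SRC") src = kv[2]
        else if (kv[1] == "DST") dst = kv[2]
        else if (kv[1] == "DPT") dpt = kv[2]
      }
      print src, dst, dpt
    }'
}

# Stand-alone run over the constructed sample; on a real box you would
# pipe /var/log/messages (or the firewall log) in instead.
printf '%s\n' "$SAMPLE_LOG" | count_by_prefix
printf '%s\n' "$SAMPLE_LOG" | hits_for_prefix REJECT_FORWARD
```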