I created a rule to block communication from my interfaces to a special country. In the attached picture you can see that the outgoing rule was set to block but the policy is set to allow (green marked).
What am I doing wrong or misunderstanding?
Thanks in advance and best regards
Welcome to our community.
The color shown after the number of the rule represents what the rule will do:
- accept, green
- drop, red (like in your case)
- reject, turquoise
The policy at the bottom of the rules shows what the default rule is for that category. Since your color is red (drop), I do not see anything wrong here. However, the logs are always the best way to check these things. Simplest and most direct test, in the terminal:
tail -f /var/log/messages
and then try to connect to a website in the blocklist; you will see if the packets are indeed dropped.
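The log check suggested above, as an added example that is not part of the original posts: a small filter that counts, per log prefix, the logged packets sent to one destination address. It assumes the standard netfilter LOG line layout; the sample lines, addresses and prefixes (DROP_FORWARDFW, FORWARDFW) are constructed.

```shell
#!/bin/sh
# Constructed sample in netfilter LOG format. The prefixes are assumed
# examples of what a firewall's log prefix might look like.
sample_log() {
cat <<'EOF'
Jan 12 10:15:01 fw kernel: DROP_FORWARDFW IN=green0 OUT=red0 MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.1.10 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=51514 DPT=443
Jan 12 10:15:02 fw kernel: DROP_FORWARDFW IN=green0 OUT=red0 SRC=192.168.1.10 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=51516 DPT=80
Jan 12 10:15:04 fw kernel: FORWARDFW IN=green0 OUT=red0 SRC=192.168.1.10 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51520 DPT=443
Jan 12 10:15:06 fw kernel: DROP_FORWARDFW IN=green0 OUT=red0 SRC=192.168.1.11 DST=203.0.113.70 LEN=60 PROTO=TCP SPT=40000 DPT=443
Jan 12 10:15:09 fw dhcpd: DHCPACK on 192.168.1.10 to 00:00:5e:00:53:01 via green0
EOF
}

# fw_verdicts DEST_IP
# Reads log lines on stdin and prints "count prefix" for every logged packet
# whose destination is exactly DEST_IP (203.0.113.7 does not match 203.0.113.70).
fw_verdicts() {
    awk -v want="DST=$1" '
    {
        hit = 0
        prefix = "(no prefix)"
        for (i = 1; i <= NF; i++) {
            if ($i == want)
                hit = 1
            # The log prefix is the word right before IN=, unless that word
            # is the syslog tag ("kernel:") or a kernel timestamp ("...]").
            if ($i ~ /^IN=/ && i > 1 && $(i-1) !~ /:$/ && $(i-1) !~ /\]$/)
                prefix = $(i-1)
        }
        if (hit)
            count[prefix]++
    }
    END { for (p in count) print count[p], p }' | sort -k2
}

# After the connection test, run it on the real log:
#   fw_verdicts 203.0.113.7 < /var/log/messages
```

No output for an address means no packet to it was logged at all, which is different from the packet being allowed: check that logging is enabled for the rule.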
It makes sense to build a group first, else you will end up with so many firewall entries.
Then you take the group into the firewall rule.
Sometimes you will get some curiosities in communication with some sites.
Keep in mind that you have blocked some GeoIPs, so you need to take this into account in your failure search too.
Inactivate the rule for a test, to be sure that the curiosity is not a result of your GeoIP block.
The reason it is not blocked is that your default outgoing firewall behavior is allow.
You would have to change it to block.
This will affect all users.
You will need rules for all traffic or use