Allow one block everything else [Resolved]

I have an application.
How do I create a custom rule to allow one IP range and block everything else?

Hello. :)

Firewall > Advanced > Network Security Policy > Add > Select > Browse (to application location and select).
Select “Use Custom Policy” and “Add”.

Here you can customize all settings including an IP range for source/destination IPs.
Then create another rule under your first allow rule that blocks everything else.
Remember to Apply.

Nice, thanks.

Well, I tried this with Firefox as an example…
I want Firefox to only be able to access my localhost Apache server… and not the internet…

First rule: allow TCP OUT from IP to IP
(I also tried allow from localhost to localhost where source port is any …)

Second rule:
Block TCP OUT from IP any to IP any…

If I only have the first rule… Firefox can go anywhere…
If I add the second rule… Firefox is completely blocked, even for localhost…

Help would be very appreciated.


Make the rule like this:

Allow From IP ANY to IP

The rule does not match because your “real IP” is used when connecting to the web server; check your access logs and see what’s in there.
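Added example, not part of the original thread and not the firewall's own logic: a small Python model of the allow-then-block rule list discussed above, showing why a localhost-to-localhost allow rule misses a connection whose source is the machine's real IP. It assumes rules are evaluated top to bottom with the first match winning and that Apache is reached via the machine's LAN address; all addresses and names are constructed.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "allow" or "block"
    src: str     # address or CIDR, or "any"
    dst: str     # address or CIDR, or "any"

def field_matches(spec, addr):
    """True if addr falls inside the rule field (an address, a CIDR, or 'any')."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst):
    """Assumed semantics: top to bottom, the first matching rule decides."""
    for index, rule in enumerate(rules):
        if field_matches(rule.src, src) and field_matches(rule.dst, dst):
            return rule.action, index
    # Nothing in this application's list matched; whatever policy applies
    # next decides (not modelled here).
    return "no-match", None

def mismatched_fields(rule, src, dst):
    """List the fields that kept a rule from matching a connection."""
    pairs = (("src", rule.src, src), ("dst", rule.dst, dst))
    return [name for name, spec, addr in pairs if not field_matches(spec, addr)]

# Constructed addresses for illustration only.
REAL_IP = "192.168.1.10"    # client address as it would appear in the access log
SERVER_IP = "192.168.1.10"  # Apache on the same machine, reached by LAN address
INTERNET = "203.0.113.5"    # documentation-range address standing in for any site

BLOCK_ALL = Rule("block", "any", "any")
attempt = [Rule("allow", "127.0.0.1", "127.0.0.1"), BLOCK_ALL]  # localhost to localhost
fixed = [Rule("allow", "any", SERVER_IP), BLOCK_ALL]            # any source to the server
allow_only = attempt[:1]                                        # first rule on its own

if __name__ == "__main__":
    for name, rules in (("attempt", attempt), ("fixed", fixed), ("allow_only", allow_only)):
        for dst in (SERVER_IP, INTERNET):
            print(name, REAL_IP, "->", dst, evaluate(rules, REAL_IP, dst))
    print("allow rule missed on:", mismatched_fields(attempt[0], REAL_IP, SERVER_IP))
```

Comparing the source and destination shown in the web server's access log against each field of the allow rule, as `mismatched_fields` does, is the quickest way to see which field needs widening.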

Thank you… it’s working great!