How to block several IP ranges in the Application Monitor?


Sometimes I create a game server with Internet access to it. This server has a little bug: someone’s lag causes the whole server to lag. Then I found that the laggy players have several IP ranges. I’ve tried to block those ranges:

Step 1: I’ve added a rule for the main server application that allows everything (TCP/UDP, In/Out, IP: Any, Port: Any)
Step 2: I’ve added a blocking rule for the first IP range (TCP/UDP, In/Out, IP: range 1, Port: Any)
Step 3: The same for the second IP range
And so on… (I’ve added about 7 IP ranges)

Then I started the server, played for some time and found that players with laggy IPs can easily connect to the server. And I can see them in Activity->Connections.

So what did I do wrong? And what should I do to block those laggy IPs?

Why don’t you try making a few rules in the Network monitor?

Block IP In source:Range 1 dest:any
Block IP Out source:any dest:Range 1 …

… and so on, for each range…

Or you can try experimenting with the Exclude option in the Application monitor, but I’m not sure it would work in your case.

Well, I’ve done some experiments. And the results are not good :(

If I have two or more rules for one application with the same parents, only one will work (the rule that works is the one that has fewer restrictions)


If I have two rules for one application - the first rule has a parent defined and the second rule has “Any parent” setting - only one rule works (which one will work depends on a parent application).

I hope that either I did something wrong or this bad thing will be fixed in the near future. I don’t want to throw away CPF.
Anyway, I think that the Security->Application Monitor settings look awful and uncomfortable.


I rebooted my computer and the problem is gone.
But I’ve got much more lag with those rules =)